Description

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

Remediation

References

CVE-2011-0986

Related Vulnerabilities

Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21672)

Jboss EAP Credentials Management Errors Vulnerability (CVE-2009-5066)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43730)

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20225)

Drupal Core 9.2.x Cross-Site Request Forgery (9.2.0 - 9.2.5)

Severity

Medium

Classification

CVE-2011-0986 CWE-20

Tags

Missing Update Known Vulnerabilities