Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-0986)

Description

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

Remediation

References

Related Vulnerabilities

Oracle Database Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0275)

WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.8.2)

WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (5.2.7)

WordPress Plugin 5gig Concerts Unspecified Vulnerability (1.0)

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.6)

Severity

Medium

Classification

CVE-2011-0986 CWE-20

Tags

Missing Update Known Vulnerabilities