Description

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

Remediation

References

CVE-2011-3646

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2006-0551)

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6496)

WordPress Plugin Gallery-Responsive Photo and Video Gallery by Limb Cross-Site Scripting (1.3.2)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4579)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2024-38477)

Severity

Medium

Classification

CVE-2011-3646 CWE-20

Tags

Missing Update Known Vulnerabilities