Description

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

Remediation

References

CVE-2011-3646

Related Vulnerabilities

Ruby on Rails CVE-2019-5418 Vulnerability (CVE-2019-5418)

WordPress Plugin Woocommerce CSV importer Arbitrary File Deletion (3.3.6)

WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)

WordPress Plugin Sagenda-Free booking system PHP Object Injection (1.3.2)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)

Severity

Medium

Classification

CVE-2011-3646 CWE-20

Tags

Missing Update Known Vulnerabilities