Description
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fast Secure Contact Form-Clockwork SMS Cross-Site Scripting (2.1.2)
Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24)
WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2021-43940)