|Category:||Information Leak / Disclosure|
Published on 06/04/12 - Updated on 18/01/18
show_config_errors.php in phpMyAdmin 3.4.x before 18.104.22.168, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.
CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.