| Name | CVE-2011-0986 |
| Description | phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| phpmyadmin (PTS) | bullseye | 4:5.0.4+dfsg2-2+deb11u1 | fixed |
| bookworm | 4:5.2.1+dfsg-1 | fixed | |
| trixie | 4:5.2.1+dfsg-2 | fixed | |
| sid | 4:5.2.1+dfsg-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| phpmyadmin | source | (unstable) | 4:3.3.9.2-1 | unimportant |
Path disclosure; paths in Debian are public info already