CVE-2011-0986

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

Published: Feb 14, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-0986
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
phpmyadmin / phpmyadmin	3.0.1.1	3.0.1.1.x
phpmyadmin / phpmyadmin	3.2.1	3.2.1.x
phpmyadmin / phpmyadmin	2.11.1.2	2.11.1.2.x
phpmyadmin / phpmyadmin	3.1.4	3.1.4.x
phpmyadmin / phpmyadmin	3.1.3	3.1.3.x
phpmyadmin / phpmyadmin	2.11.5.1	2.11.5.1.x
phpmyadmin / phpmyadmin	2.11.5.0	2.11.5.0.x
phpmyadmin / phpmyadmin	3.3.8.1	3.3.8.1.x
phpmyadmin / phpmyadmin	3.2.0	3.2.0.x
phpmyadmin / phpmyadmin	3.2.1-rc1	3.2.1-rc1.x
phpmyadmin / phpmyadmin	3.1.2	3.1.2.x
phpmyadmin / phpmyadmin	2.11.9.0	2.11.9.0.x
phpmyadmin / phpmyadmin	3.1.0-beta1	3.1.0-beta1.x
phpmyadmin / phpmyadmin	2.11.9.1	2.11.9.1.x
phpmyadmin / phpmyadmin	3.3.3.0	3.3.3.0.x
phpmyadmin / phpmyadmin	3.0.0-alpha	3.0.0-alpha.x
phpmyadmin / phpmyadmin	3.3.4.0	3.3.4.0.x
phpmyadmin / phpmyadmin	3.1.0	3.1.0.x
phpmyadmin / phpmyadmin	2.11.5.2	2.11.5.2.x
phpmyadmin / phpmyadmin	2.11.2.2	2.11.2.2.x
phpmyadmin / phpmyadmin	3.0.0	3.0.0.x
phpmyadmin / phpmyadmin	3.2.0-beta1	3.2.0-beta1.x
phpmyadmin / phpmyadmin	2.11.8.0	2.11.8.0.x
phpmyadmin / phpmyadmin	3.3.1.0	3.3.1.0.x
phpmyadmin / phpmyadmin	3.3.7	3.3.7.x
phpmyadmin / phpmyadmin	2.11.11	2.11.11.x
phpmyadmin / phpmyadmin	3.0.0-rc1	3.0.0-rc1.x
phpmyadmin / phpmyadmin	2.11.4.0	2.11.4.0.x
phpmyadmin / phpmyadmin	3.1.5-rc1	3.1.5-rc1.x
phpmyadmin / phpmyadmin	2.11.2.1	2.11.2.1.x
phpmyadmin / phpmyadmin	3.1.5	3.1.5.x
phpmyadmin / phpmyadmin	3.1.1-rc1	3.1.1-rc1.x
phpmyadmin / phpmyadmin	3.1.4-rc2	3.1.4-rc2.x
phpmyadmin / phpmyadmin	3.3.5.0	3.3.5.0.x
phpmyadmin / phpmyadmin	2.11.9.5	2.11.9.5.x
phpmyadmin / phpmyadmin	2.11.10.0	2.11.10.0.x
phpmyadmin / phpmyadmin	3.1.1	3.1.1.x
phpmyadmin / phpmyadmin	2.11.6.0	2.11.6.0.x
phpmyadmin / phpmyadmin	3.3.0.0	3.3.0.0.x
phpmyadmin / phpmyadmin	3.3.6	3.3.6.x
phpmyadmin / phpmyadmin	3.3.2.0	3.3.2.0.x
phpmyadmin / phpmyadmin	2.11.7.0	2.11.7.0.x
phpmyadmin / phpmyadmin	3.3.9.0	3.3.9.0.x
phpmyadmin / phpmyadmin	2.11.9.6	2.11.9.6.x
phpmyadmin / phpmyadmin	3.1.3-rc1	3.1.3-rc1.x
phpmyadmin / phpmyadmin	3.1.3.2	3.1.3.2.x
phpmyadmin / phpmyadmin	2.11.2.0	2.11.2.0.x
phpmyadmin / phpmyadmin	2.11.9.2	2.11.9.2.x
phpmyadmin / phpmyadmin	2.11.9.3	2.11.9.3.x
phpmyadmin / phpmyadmin	3.3.5.1	3.3.5.1.x
phpmyadmin / phpmyadmin	3.0.0-beta	3.0.0-beta.x
phpmyadmin / phpmyadmin	2.11.1.1	2.11.1.1.x
phpmyadmin / phpmyadmin	3.0.1	3.0.1.x
phpmyadmin / phpmyadmin	2.11.11.1	2.11.11.1.x
phpmyadmin / phpmyadmin	2.11.9.4	2.11.9.4.x
phpmyadmin / phpmyadmin	3.1.3.1	3.1.3.1.x
phpmyadmin / phpmyadmin	2.11.7.1	2.11.7.1.x
phpmyadmin / phpmyadmin	2.11.3.0	2.11.3.0.x
phpmyadmin / phpmyadmin	3.1.2-rc1	3.1.2-rc1.x
phpmyadmin / phpmyadmin	3.3.8	3.3.8.x
phpmyadmin / phpmyadmin	3.2.0-rc1	3.2.0-rc1.x
phpmyadmin / phpmyadmin	3.2.2	3.2.2.x
phpmyadmin / phpmyadmin	3.0.1-rc1	3.0.1-rc1.x
phpmyadmin / phpmyadmin	2.11.1.0	2.11.1.0.x
phpmyadmin / phpmyadmin	3.2.2-rc1	3.2.2-rc1.x
phpmyadmin / phpmyadmin	2.11.0	2.11.0.x
phpmyadmin / phpmyadmin	2.11.10.1	2.11.10.1.x

Vulnerability Database

315,050

CVE-2011-0986

Deep Security Visibility Without the Complexity