phpMyAdmin 2.11.x before 126.96.36.199, and 3.3.x before 188.8.131.52, does not
properly handle the absence of the (1) README, (2) ChangeLog, and (3)
LICENSE files, which allows remote attackers to obtain the installation
path via a direct request for a nonexistent file.
mdeslaur> paths in packages are already well-known
Updated: 2015-10-17 03:36:17 UTC (commit 10086)