phpMyAdmin 2.11.x before 220.127.116.11, and 3.3.x before 18.104.22.168, does not
properly handle the absence of the (1) README, (2) ChangeLog, and (3)
LICENSE files, which allows remote attackers to obtain the installation
path via a direct request for a nonexistent file.
mdeslaur> paths in packages are already well-known
Updated: 2016-03-23 03:38:17 UTC (commit 10817)