phpMyAdmin 2.11.x before 18.104.22.168, and 3.3.x before 22.214.171.124, does not
properly handle the absence of the (1) README, (2) ChangeLog, and (3)
LICENSE files, which allows remote attackers to obtain the installation
path via a direct request for a nonexistent file.
mdeslaur> paths in packages are already well-known
Updated: 2016-01-26 17:38:39 UTC (commit 10507)