VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zeb7-vr2y-8qgg

Essentials
Severities (37)
References (12)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zeb7-vr2y-8qgg
Aliases	CVE-2011-0986 GHSA-wcmm-28rg-mg3r
Summary	phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html
generic_textual	MODERATE	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83
generic_textual	MODERATE	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
epss	0.00546	https://api.first.org/data/v1/epss?cve=CVE-2011-0986
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/65424
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-wcmm-28rg-mg3r
generic_textual	MODERATE	https://github.com/phpmyadmin/phpmyadmin
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-0986
generic_textual	MODERATE	http://www.mandriva.com/security/advisories?name=MDVSA-2011:026
generic_textual	MODERATE	http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html
		http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html
		http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83
		http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83
		https://api.first.org/data/v1/epss?cve=CVE-2011-0986
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986
		https://exchange.xforce.ibmcloud.com/vulnerabilities/65424
		https://github.com/phpmyadmin/phpmyadmin
		https://nvd.nist.gov/vuln/detail/CVE-2011-0986
		http://www.mandriva.com/security/advisories?name=MDVSA-2011:026
		http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
GHSA-wcmm-28rg-mg3r		https://github.com/advisories/GHSA-wcmm-28rg-mg3r

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.66815
EPSS Score	0.00546
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:09:51.704023+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wcmm-28rg-mg3r/GHSA-wcmm-28rg-mg3r.json	37.0.0