phpMyAdmin /libraries/string.lib.php Direct Request Path Disclosure
Remote / Network Access
Loss of Confidentiality
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /libraries/string.lib.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Upgrade to version 2.6.4-pl4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.