VID |
210136 |
Severity |
20 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The phpMyAdmin package, according to its version number, has multiple vulnerabilities. The remote host contains a version of phpMyAdmin - 3.5.x less than 3.5.3 - that is affected by multiple vulnerabilities:
- When creating or modifying a trigger, event, or procedure with a crafted name, it is possible for a user to trigger a cross-site scripting (XSS) attack.
- A man-in-the-middle (MITM) attack is possible when fetching the version information from a non-SSL site.
* Note: This check relies solely on the version number of the remote phpMyAdmin software to assess this vulnerability, so this might be a false positive.
* References:
  http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php
  http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php
* Platforms Affected: phpMyAdmin prior to 3.5.3; any operating system, any version |
Recommendation |
Upgrade to the latest version of phpMyAdmin (3.5.3 or later), available from the phpMyAdmin Download Web page at http://www.phpmyadmin.net/home_page/downloads.php |
Related URL |
CVE-2012-5339,CVE-2012-5368 (CVE) |
Related URL |
55925,55939 (SecurityFocus) |
Related URL |
(ISS) |
|