This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.
Synopsis :
The remote web server contains a PHP application that suffers from
multiple vulnerabilities.
Description :
The remote host is running a version of phpMyAdmin that is vulnerable
to several attacks :
- It may be tricked into disclosing the physical path of the remote PHP
installation.
- It is vulnerable to cross-site scripting that could allow an attacker
to steal the cookies of your users.
- It is vulnerable to a flaw that could allow an attacker to list the
contents of arbitrary directories on the remote server.
An attacker could use these flaws to learn more about the remote host
and use that knowledge to set up more complex attacks against it.
See also :
http://www.securityfocus.com/archive/1/325641
http://www.securityfocus.com/archive/1/327511
Solution :
Upgrade to phpMyAdmin 2.5.2 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true