This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200412-19
(phpMyAdmin: Multiple vulnerabilities)
Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities
that exist only on a webserver where PHP safe_mode is off. These
vulnerabilities could lead to command execution or file disclosure.
On a system where external MIME-based transformations are enabled,
an attacker can insert offensive values in MySQL, which would start a
shell when the data is browsed. On a system where the UploadDir is
enabled, read_dump.php could use the unsanitized sql_localfile variable
to disclose a file.
As a temporary workaround, you can enable PHP safe_mode, or disable
external MIME-based transformations AND disable the UploadDir. However,
we strongly advise updating to version 2.6.1_rc1 instead.
See also :
All phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.6.1_rc1'
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 16006 (gentoo_GLSA-200412-19.nasl)
CVE ID: CVE-2004-1147, CVE-2004-1148