This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.
The remote web server contains a PHP application that may allow
execution of arbitrary code.
The setup script included with the version of phpMyAdmin installed on
the remote host does not properly sanitize user-supplied input before
using it to generate a config file for the application. Submitting a
specially crafted POST request can result in arbitrary PHP code
A remote attacker could exploit this issue in a cross-site request
forgery attack, which could be used to execute arbitrary commands
on the system with the privileges of the web server.
See also :
Upgrade to phpMyAdmin 2.11.10 / 3.0.0 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true