This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote web server hosts a PHP application that is affected by two
cross-site scripting vulnerabilities.
The version of phpMyAdmin hosted on the remote web server is a 3.4.x
release earlier than 3.4.9 and thus is reportedly affected by two
cross-site scripting vulnerabilities :
- The 'libraries/display_export.lib.php' script does not
  properly sanitize the '$_GET' array elements
  'limit_to', 'limit_from' and 'filename_template'
  before returning them to the client. (CVE-2011-4780)
- The 'libraries/config/ConfigFile.class.php' script does
  not properly sanitize input in the '$host' parameter
  before returning it to the client. Note that this issue
  relates to the '/setup' directory and configuration of
  the application and should not be exploitable if the
  recommended installation steps have been performed.
Upgrade to phpMyAdmin version 3.4.9 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 57372
Bugtraq ID: 51166, 51226
CVE ID: CVE-2011-4780, CVE-2011-4782