This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server hosts a PHP application that is affected by two
cross-site scripting vulnerabilities.
The version of phpMyAdmin hosted on the remote web server is 3.4.x
prior to 3.4.9 and thus is reportedly affected by two cross-site
scripting vulnerabilities :
- The 'libraries/display_export.lib.php' script does not
properly sanitize the '$_GET' array elements
'limit_to', 'limit_from' and 'filename_template'
before returning them to the client. (CVE-2011-4780)
- The 'libraries/config/ConfigFile.class.php' script does
not properly sanitize input in the '$host' parameter
before returning it to the client. Note that this issue
relates to the '/setup' directory and configuration of
the application and should not be exploitable if the
recommended installation steps have been performed.
Upgrade to phpMyAdmin version 3.4.9 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true