This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote web server hosts a PHP application that is affected by
According to its self-identified version number, the phpMyAdmin 3.5.x
install hosted on the remote web server is earlier than 3.5.3 and is,
therefore, affected by multiple vulnerabilities :
- When creating or modifying a trigger, event, or
procedure with a crafted name, it is possible for a user
to trigger a cross-site scripting (XSS) attack.
- A man-in-the-middle (MITM) attack is possible when
fetching the version information from a non-SSL site.
To display information about the current phpMyAdmin
phpmyadmin.net website in non-SSL mode. A MITM attack
could modify this script on the wire.
See also :
Either upgrade to phpMyAdmin 3.5.3 or later, or apply the patches from
the referenced links.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true