FreeBSD : phpMyAdmin -- multiple vulnerabilities (f4a0212f-f797-11e2-9bb9-6805ca0b3d42)

high Nessus Plugin ID 69096

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The phpMyAdmin development team reports:

XSS due to unescaped HTML output when executing a SQL query.

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

If a crafted version.json were presented, an XSS could be introduced.

Full path disclosure vulnerabilities.

XSS vulnerability when a text to link transformation is used.

Self-XSS due to unescaped HTML output in schema export.

SQL injection vulnerabilities, producing a privilege escalation (control user).

Solution

Update the affected packages.

See Also

https://www.phpmyadmin.net/security/PMASA-2013-8/

https://www.phpmyadmin.net/security/PMASA-2013-9/

https://www.phpmyadmin.net/security/PMASA-2013-11/

https://www.phpmyadmin.net/security/PMASA-2013-12/

https://www.phpmyadmin.net/security/PMASA-2013-13/

https://www.phpmyadmin.net/security/PMASA-2013-14/

https://www.phpmyadmin.net/security/PMASA-2013-15/

http://www.nessus.org/u?4c62957f

http://www.nessus.org/u?6a9f9ce4

http://www.nessus.org/u?083b881d

Plugin Details

Severity: High

ID: 69096

File Name: freebsd_pkg_f4a0212ff79711e29bb96805ca0b3d42.nasl

Version: 1.9

Type: local

Published: 7/29/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, p-cpe:/a:freebsd:freebsd:phpmyadmin35, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/28/2013

Vulnerability Publication Date: 7/28/2013