This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Multiple vulnerabilities has been discovered and corrected in
- XSS due to unescaped HTML Output when executing a SQL
- 5 XSS vulnerabilities in setup, chart display, process
list, and logo link. If a crafted version.json would be
presented, an XSS could be introduced (CVE-2013-4996,
- Full path disclosure vulnerabilities (CVE-2013-4998,
- Self-XSS due to unescaped HTML output in schema export
- SQL injection vulnerabilities, producing a privilege
escalation (control user) (CVE-2013-5003).
This upgrade provides the latest phpmyadmin version (18.104.22.168) to
address these vulnerabilities.
See also :
Update the affected phpmyadmin package.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 69154 ()
Bugtraq ID: 6149361510615136151561516
CVE ID: CVE-2013-4995CVE-2013-4996CVE-2013-4997CVE-2013-4998CVE-2013-5000CVE-2013-5002CVE-2013-5003
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.