This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Multiple vulnerabilities have been discovered and corrected in
- XSS due to unescaped HTML output when executing a SQL
- 5 XSS vulnerabilities in setup, chart display, process
list, and logo link. If a crafted version.json is
presented, an XSS could be introduced (CVE-2013-4996,
- Full path disclosure vulnerabilities (CVE-2013-4998,
- Self-XSS due to unescaped HTML output in schema export
- SQL injection vulnerabilities, producing a privilege
escalation (control user) (CVE-2013-5003).
This upgrade provides the latest phpmyadmin version (126.96.36.199) to
address these vulnerabilities.
See also :
Update the affected phpmyadmin package.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true