phpMyAdmin < 2.6.2-RC1 RCE

Medium

Synopsis

The remote web server contains a PHP application that is affected by a remote code execution vulnerability.

Description

The remote host is running phpMyAdmin, open-source software written in PHP to handle the administration of MySQL over the Web. The remote host is vulnerable to a remote Cross-Site Scripting (XSS) flaw. An attacker exploiting this flaw would need to be able to convince a user to click on a malicious URL. Upon successful exploitation, the attacker would be able to steal credentials or execute code within the browser.

Solution

Upgrade to phpMyAdmin 2.6.2 RC1, or later.