
phpMyAdmin < 2.11.10 Multiple Vulnerabilities

High

Synopsis

The remote web server contains a PHP application that is vulnerable to multiple attack vectors.

Description

The remote web server is running a version of phpMyAdmin earlier than 2.11.10. Such versions are potentially affected by multiple vulnerabilities:

- A cross-site request forgery vulnerability, because the setup script uses the PHP 'unserialize()' function on potentially unsafe data. (CVE-2009-4605)

- An insecure file creation and deletion vulnerability due to the way phpMyAdmin creates temporary files.

Solution

Upgrade to phpMyAdmin 2.11.10 or later.