icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

phpMyAdmin 3.3.x < 3.3.10.1 / 3.4.x < 3.4.1 Multiple Vulnerabilities

Medium

Synopsis

The remote web server contains a PHP application that is vulnerable to multiple attack vectors.

Description

Versions of phpMyAdmin 3.3.x earlier than 3.3.10.1 and 3.4.x earlier than 3.4.1 are potentially affected by multiple vulnerabilities :

- It is possible to create a crafted table name that could lead to a cross-site scripting attack. (PMASA-2011-3)

- It is possible to redirect to an arbitrary, untrusted site, leading to a possible phishing site. (PMASA-2011-4)

Solution

Upgrade to phpMyAdmin 3.3.10.1, 3.4.1, or later.