FreeBSD : phppgadmin -- 'formLanguage' local file inclusion vulnerability (88188a8c-eff6-11d9-8310-0001020eed82)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Secunia Advisory reports :

A vulnerability has been reported in phpPgAdmin, which can be
exploited by malicious people to disclose sensitive information.

Input passed to the 'formLanguage' parameter in 'index.php' isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources.

Successful exploitation requires that 'magic_quotes_gpc' is disabled.

See also :

http://sourceforge.net/project/shownotes.php?release_id=342261
http://www.nessus.org/u?dbdc699a

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19350 (freebsd_pkg_88188a8ceff611d983100001020eed82.nasl)

Bugtraq ID: 14142

CVE ID: CVE-2005-2256

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now