FreeBSD : phpmyadmin -- CSRF vulnerabilities (19b17ab4-51e0-11db-a5ae-00508d6a62df)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

phpMyAdmin team reports :

We received a security advisory from Stefan Esser
([email protected]) and we wish to thank him for his work.

It was possible to inject arbitrary SQL commands by forcing an
authenticated user to follow a crafted link.

See also :

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5
http://www.nessus.org/u?565016bb

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22487 (freebsd_pkg_19b17ab451e011dba5ae00508d6a62df.nasl)

Bugtraq ID: 20253

CVE ID: CVE-2006-5116, CVE-2006-5117
