This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A phpMyAdmin security announcement report :
phpMyAdmin used the $_REQUEST superglobal as a source for its
parameters, instead of $_GET and $_POST. This means that on most
servers, a cookie with the same name as one of phpMyAdmin's parameters
Another application could set a cookie for the root path '/' with a
'sql_query' name, therefore overriding the user-submitted sql_query
because by default, the $_REQUEST superglobal imports first GET, then
POST then COOKIE data. Mitigation factor An attacker must trick the
victim into visiting a page on the same web server where he has placed
code that creates a malicious cookie.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.4
Public Exploit Available : true