This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote Fedora host is missing a security update.
This update solves PMASA-2008-6 (phpMyAdmin security announcement)
from 2008-07-28: Cross-site Framing; XSS in setup.php; see
[interface] Table list pagination in navi - [profiling] Profiling
causes query to be executed again (really causes a problem in case of
INSERT/UPDATE) - [import] SQL file import very slow on Windows -
[XHTML] problem with tabindex and radio fields - [interface] tabindex
not set correctly - [views] VIEW name created via the GUI was not
protected with backquotes - [interface] Deleting multiple views (space
in name) - [parser] SQL parser removes essential space - [export] CSV
for MS Excel incorrect escaping of double quotes - [interface] Font
size option problem when no config file - [relation] Relationship view
should check for changes - [history] Do not save too big queries in
history - [security] Do not show version info on login screen -
[import] Potential data loss on import resubmit - [export] Safari and
timedate - [import, export] Import/Export fails because of Mac files -
[security] protection against cross- frame scripting and new directive
AllowThirdPartyFraming - [security] possible XSS during setup -
[interface] revert language changing problem introduced with 220.127.116.11
phpMyAdmin 18.104.22.168 is a bugfix-only version containing normal bug
fixes and two security fixes. This version is identical to 2.11.8,
except it includes a fix for a notice about 'lang'.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected phpMyAdmin package.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true