This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The phpMyAdmin development team reports :

It was possible to manipulate the PHP session superglobal using some
of the Swekey authentication code. This could open a path for other

An unsanitized key from the Servers array is written in a comment of
the generated config. An attacker can modify this key by modifying the
SESSION superglobal array. This allows the attacker to close the
comment and inject code.

Through a possible bug in PHP running on Windows systems a NULL byte
can truncate the pattern string allowing an attacker to inject the /e
modifier causing the preg_replace function to execute its second
argument as PHP code.

Fixed filtering of a file path in the MIME-type transformation code,
which allowed for directory traversal.

Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true