This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Updated phpmyadmin package fixes security vulnerabilities :
In some PHP versions, the preg_replace() function can be tricked
into executing arbitrary PHP code on the server. This is done by
passing a crafted argument as the regular expression, containing a
null byte. phpMyAdmin does not correctly sanitize an argument passed
to preg_replace() when using the Replace table prefix feature,
opening the way to this vulnerability (CVE-2013-3238).
phpMyAdmin can be configured to save an export file on the web server,
via its SaveDir directive. With this in place, it's possible, either
via a crafted filename template or a crafted table name, to save a
double-extension file like foobar.php.sql. In turn, an Apache
web server on which there is no definition for the MIME type sql (the
default) will treat this saved file as a .php script, leading to
remote code execution (CVE-2013-3239).
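As an added example (not part of the plugin or of phpMyAdmin), the following Python sketch audits export file names for the double-extension condition described for CVE-2013-3239. It uses a simplified model of the server's extension handling; the PHP_EXTS set, the function names and the sample listing are assumptions constructed for illustration.

```python
import os

# Assumption: extensions the web server maps to the PHP interpreter.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml"}

def treated_as_php(filename, mapped_exts):
    """Simplified model of the behaviour described in the advisory.

    Every dot-separated extension is considered in order; extensions with
    no MIME type definition are ignored, so an earlier .php still decides
    how the file is handled. mapped_exts is the set of non-PHP extensions
    that do have a MIME type defined on the server.
    """
    effective = None
    for ext in filename.lower().split(".")[1:]:
        if ext in PHP_EXTS:
            effective = "php"
        elif ext in mapped_exts:
            effective = ext  # a later, known type replaces the earlier one
    return effective == "php"

def audit_names(names, mapped_exts):
    """Return the names that would be handled as PHP, sorted."""
    return sorted(n for n in names if treated_as_php(n, mapped_exts))

def audit_save_dir(path, mapped_exts):
    """Apply the same check to the files in an export directory."""
    return audit_names(os.listdir(path), mapped_exts)

# Constructed sample listing of an export directory.
SAMPLE = ["foobar.php.sql", "db_backup.sql", "export.sql.gz", "notes.PHP5.bak"]

if __name__ == "__main__":
    # Default case from the advisory: no MIME type defined for "sql".
    print(audit_names(SAMPLE, mapped_exts={"gz"}))
    # With a MIME type defined for "sql", foobar.php.sql is no longer flagged.
    print(audit_names(SAMPLE, mapped_exts={"gz", "sql"}))
```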
Update the affected phpmyadmin package.
Risk factor :
Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 5.2
Public Exploit Available : true