FreeBSD : phpMyAdmin -- Global variable scope injection (1b93f6fe-e1c1-11e2-948d-6805ca0b3d42)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

The import.php script was vulnerable to GLOBALS variable injection.
Therefore, an attacker could manipulate any configuration parameter.

This vulnerability can be triggered only by someone who logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users
from accessing the required form.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
http://www.nessus.org/u?df232f4e

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 67117

Bugtraq ID:

CVE ID: CVE-2013-4729
