FreeBSD : phpMyAdmin -- multiple vulnerabilities (f4a0212f-f797-11e2-9bb9-6805ca0b3d42)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The phpMyAdmin development team reports :

XSS due to unescaped HTML Output when executing a SQL query.

5 XSS vulnerabilities in setup, chart display, process list, and logo
link.

If a crafted version.json would be presented, an XSS could be
introduced.

Full path disclosure vulnerabilities.

XSS vulnerability when a text to link transformation is used.

Self-XSS due to unescaped HTML output in schema export.

SQL injection vulnerabilities, producing a privilege escalation
(control user).

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
http://www.nessus.org/u?4c62957f
http://www.nessus.org/u?8033f4e5
http://www.nessus.org/u?55337292

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 69096 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now