FreeBSD : phpMyAdmin -- XSS vulnerabilities (3e8b7f8a-49b0-11e4-b711-6805ca0b3d42)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

With a crafted ENUM value it is possible to trigger an XSS in table
search and table structure pages. This vulnerability can be triggered
only by someone who is logged in to phpMyAdmin, as the usual token
protection prevents non-logged-in users from accessing the required
pages.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
http://www.nessus.org/u?37660ae6

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 78015

Bugtraq ID:

CVE ID: CVE-2014-7217
