FreeBSD : phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page. (25b78f04-59c8-11e4-b711-6805ca0b3d42)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

With a crafted database or table name it is possible to trigger an XSS
in SQL debug output when enabled and in server monitor page when
viewing and analysing executed queries.

This vulnerability can be triggered only by someone who is logged in
to phpMyAdmin, as the usual token protection prevents non-logged-in
users from accessing the required pages. Moreover, debugging SQL is a
developer option which is disabled by default and expected to be
disabled in production environments.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php
http://www.nessus.org/u?80f5780e

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 78634

Bugtraq ID:

CVE ID: CVE-2014-8326
