Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:243)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Multiple vulnerabilities have been discovered and corrected in
phpmyadmin :

libraries/ in phpMyAdmin 4.0.x before, 4.1.x
before, and 4.2.x before allows remote attackers to
cause a denial of service (resource consumption) via a long password.

Cross-site scripting (XSS) vulnerability in the redirection feature in
url.php in phpMyAdmin 4.2.x before allows remote attackers to
inject arbitrary web script or HTML via the url parameter.

This upgrade provides the latest phpmyadmin version ( to
address these vulnerabilities.

Solution :

Update the affected phpmyadmin package.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 79988

Bugtraq ID: 71434

CVE ID: CVE-2014-9218
