This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The CodeIgniter changelog reports :
An improvement was made to the MySQL and MySQLi drivers to prevent
exposing a potential vector for SQL injection on sites using
multi-byte character sets in the database client connection.
An incompatibility in PHP versions < 5.2.3 and MySQL > 5.0.7 with
mysql_set_charset() creates a situation where using multi-byte
character sets on these environments may potentially expose a SQL
injection attack vector. Latin-1, UTF-8, and other 'low ASCII'
character sets are unaffected on all environments.
If you are running or considering running a multi-byte character set
for your database connection, please pay close attention to the server
environment you are deploying on to ensure you are not vulnerable.
See also :
Update the affected package.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now