FreeBSD : phpmyadmin -- XSS and sensitive data leakage (00ec1be1-22bb-11e6-9ead-6805ca0b3d42)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpmyadmin development team reports :

Description: Because user SQL queries are part of the URL, sensitive
information made as part of a user query can be exposed by clicking on
external links to attackers monitoring user GET query parameters or
included in the webserver logs.
Severity: We consider this to be non-critical.

Description: A specially crafted attack could allow for special HTML
characters to be passed as URL encoded values and displayed back as
special characters in the page.
Severity: We consider this to be non-critical.

See also :

https://www.phpmyadmin.net/security/PMASA-2016-14/
https://www.phpmyadmin.net/security/PMASA-2016-16/
http://www.nessus.org/u?f6a93983

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91332

Bugtraq ID:

CVE ID: CVE-2016-5097
CVE-2016-5099
