Medium Nessus Plugin ID 20820
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin).
Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079).
Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).
We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.