The remote FreeBSD host is missing a security-related update.
The phpMyAdmin development team reports : XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a local file inclusion vulnerability and code execution. It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This is very similar to PMASA-2011-5, documented in 7e4e5c53-a56c-11e0-b180-00216aa06fc2