FreeBSD : phpMyAdmin -- multiple vulnerabilities (f4a0212f-f797-11e2-9bb9-6805ca0b3d42)

High Nessus Plugin ID 69096


The remote FreeBSD host is missing one or more security-related updates.


The phpMyAdmin development team reports :

XSS due to unescaped HTML Output when executing a SQL query.

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

If a crafted version.json would be presented, an XSS could be introduced.

Full path disclosure vulnerabilities.

XSS vulnerability when a text to link transformation is used.

Self-XSS due to unescaped HTML output in schema export.

SQL injection vulnerabilities, producing a privilege escalation (control user).


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 69096

File Name: freebsd_pkg_f4a0212ff79711e29bb96805ca0b3d42.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/07/29

Modified: 2017/10/02

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpMyAdmin, p-cpe:/a:freebsd:freebsd:phpMyAdmin35, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/07/28

Vulnerability Publication Date: 2013/07/28