phpMyAdmin < 2.6.2-RC1 RCE
Medium Nessus Network Monitor Plugin ID 2787
Synopsis
The remote web server contains a PHP application that is affected by a remote code execution vulnerability.
Description
The remote host is running phpMyAdmin, open-source software written in PHP to handle the administration of MySQL over the Web. The remote host is vulnerable to a remote Cross-Site Scripting (XSS) flaw. An attacker exploiting these flaws would need to be able to convince a user to click on a malicious URL. Upon successful exploitation, the attacker would be able to steal credentials or execute code within the browser.
Solution
Upgrade to phpMyAdmin 2.6.2 RC1, or later.