phpMyAdmin < 22.214.171.124 / 3.x < 126.96.36.199 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5209
Synopsis
The remote web server contains a PHP application that is vulnerable to multiple attack vectors.
Description
The remote web server is running a version of phpMyAdmin prior to 188.8.131.52, or 3.x prior to 184.108.40.206. Such versions are potentially affected by multiple issues:
- A cross-site scripting (XSS) flaw exists which allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. (CVE-2009-3696)
- A SQL injection flaw affects the PDF schema generator functionality. Specifically, this flaw allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. (CVE-2009-3697)
Solution
Upgrade to phpMyAdmin 220.127.116.11 or 18.104.22.168 or later.