phpMyAdmin 3.3.x < 22.214.171.124 / 3.4.x < 3.4.1 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5930
SynopsisThe remote web server contains a PHP application that is vulnerable to multiple attack vectors.
DescriptionVersions of phpMyAdmin 3.3.x earlier than 126.96.36.199 and 3.4.x earlier than 3.4.1 are potentially affected by multiple vulnerabilities :
- It is possible to create a crafted table name that could lead to a cross-site scripting attack. (PMASA-2011-3)
- It is possible to redirect to an arbitrary, untrusted site, leading to a possible phishing site. (PMASA-2011-4)
SolutionUpgrade to phpMyAdmin 188.8.131.52, 3.4.1, or later.