The remote web server contains a PHP application that is vulnerable to multiple attack vectors.
Versions of phpMyAdmin 3.3.x earlier than 18.104.22.168 and 3.4.x earlier than 22.214.171.124 are potentially affected by multiple vulnerabilities : - It is possible to manipulate the PHP session superglobal usig some of the Swekey authentication code. (PMASA-2011-5) - An unsanitized key from the Servers array is written in a comment of the generated config, which could allow an attacker to close the comment and inject code. (PMASA-2011-6) - It is possible to use a null byte to truncate the pattern string which would allow an attacker to inject the /e modifier causing the pre_replace function to execute its second argument as PHP code. (PMASA-2011-7) - An issue exists in the MIME-type transformation code, which allows for directory traversal. (PMASA-2011-8)
Upgrade to phpMyAdmin 126.96.36.199, 188.8.131.52, or later.