phpMyAdmin 4.0.x < 220.127.116.11 'import.php' Security Vulnerability
Medium Nessus Network Monitor Plugin ID 6917
Synopsis
The remote web server contains a PHP application that is affected by a security vulnerability as a result of improper sanitization of user input.
Description
Versions of phpMyAdmin 4.0.0 through 4.0.4 are potentially affected by a remote security vulnerability that lets attackers inject arbitrary GLOBALS variables. The issue occurs because the application fails to properly sanitize user-supplied input submitted to the 'import.php' script. Attackers can exploit this issue to inject arbitrary GLOBALS variables and manipulate any configuration parameters.
Solution
Apply the vendor patches or upgrade to phpMyAdmin 18.104.22.168 or later.