phpMyAdmin 3.3.1 - 4.1.6 XSS

low Nessus Network Monitor Plugin ID 8151

Synopsis

The remote web server contains a PHP application that is affected by a cross-site scripting vulnerability.

Description

phpMyAdmin versions 3.3.1 through 4.1.6 (inclusive) are affected by a cross-site scripting vulnerability due to insufficient sanitization of user-supplied filenames within the 'import.php' script.

Solution

Either upgrade to phpMyAdmin 4.1.7 or later, or apply the patches from the referenced link.

See Also

http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php

Plugin Details

Severity: Low

ID: 8151

Family: CGI

Published: 3/6/2014

Updated: 3/6/2019

Nessus ID: 72714

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.1

Temporal Score: 3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Patch Publication Date: 2/15/2014

Vulnerability Publication Date: 2/15/2014

Reference Information

CVE: CVE-2014-1879

BID: 65717