phpMyAdmin 3.3.1 - 4.1.6 XSS

Low Nessus Network Monitor Plugin ID 8151

Synopsis

The remote web server contains a PHP application that is affected by a cross-site scripting vulnerability.

Description

Versions of phpMyAdmin 3.3.1 through 4.1.6 (inclusive) are affected by a cross-site scripting vulnerability due to insufficient sanitization of user-supplied filenames within the 'import.php' script.

Solution

Either upgrade to phpMyAdmin 4.1.7 or later, or apply the patches from the referenced link.

See Also

http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php

Plugin Details

Severity: Low

ID: 8151

Family: CGI

Published: 2014/03/06

Modified: 2016/11/23

Dependencies: 9102

Nessus ID: 72714

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 3

Temporal Score: 2.8

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Patch Publication Date: 2014/02/15

Vulnerability Publication Date: 2014/02/15

Reference Information

CVE: CVE-2014-1879

BID: 65717