phpMyAdmin 4.0.x < / 4.2.x < / 4.3.x < / 4.4.x < Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)

Medium Nessus Network Monitor Plugin ID 9104


The remote web server contains a PHP application that is affected by multiple vulnerabilities.


Versions of phpMyAdmin 4.0.x prior to, 4.2.x prior to, 4.3.x prior to, or 4.4.x prior to are unpatched for the following vulnerabilities:

- During installation, an attacker could use a crafted URL to trick a user into altering the configuration file being generated. (CVE-2015-3902)
- A flaw exists in 'libraries/Config.class.php' due to an error in an API call to GitHub that allows a man-in-the-middle attacker to perform unauthorized actions. (CVE-2015-3903)


Upgrade to phpMyAdmin / / / or later, or apply the patches referenced in the vendor advisory.

Plugin Details

Severity: Medium

ID: 9104

Family: CGI

Published: 2016/02/25

Modified: 2016/02/25

Dependencies: 9102

Nessus ID: 83732

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 5.6

Temporal Score: 5.3


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Patch Publication Date: 2015/05/13

Vulnerability Publication Date: 2015/05/12

Reference Information

CVE: CVE-2015-3902, CVE-2015-3903

BID: 74657, 74660