
phpMyAdmin < 2.6.2-RC1 RCE

Medium

Synopsis

The remote web server contains a PHP application that is affected by a remote code execution vulnerability.

Description

The remote host is running phpMyAdmin, open-source software written in PHP that handles the administration of MySQL over the Web. The remote host is vulnerable to a remote Cross-Site Scripting (XSS) flaw. An attacker exploiting this flaw would need to convince a user to click on a malicious URL. Upon successful exploitation, the attacker would be able to steal credentials or execute code within the browser.

Solution

Upgrade to phpMyAdmin 2.6.2 RC1, or later.