Family: CGI abuses --> Category: infos
phpMyAdmin < 2.9.1 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Tries to pass in a numeric key in phpMyAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple issues.
Description :
The version of phpMyAdmin installed on the remote host allows an
unauthenticated attacker to bypass variable blacklisting in its
globalization routine and destroy, for example, the contents of
session variables.
See also :
http://www.hardened-php.net/advisory_072006.130.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0006.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5
Solution :
Upgrade to phpMyAdmin version 2.9.0.1 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)