|
Family: CGI abuses --> Category: infos
phpMyAdmin multiple flaws Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of phpMyAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple vulnerabilities.
Description :
The remote host is running a version of phpMyAdmin which is vulnerable to
several flaws :
- It may be tricked into disclosing the physical path of the remote PHP
installation.
- It is vulnerable to cross-site scripting, which may allow a possible hacker
to steal the cookies of your users.
- It is vulnerable to a flaw which may allow a possible hacker to list the
contents of arbitrary directories on the remote server.
A possible hacker may use these flaws to gain more knowledge about the remote
host and therefore set up more complex attacks against it.
See also :
http://www.securityfocus.com/archive/1/325641
http://www.securityfocus.com/archive/1/327511
Solution :
Upgrade to phpMyAdmin 2.5.2 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|