FreeBSD : phpMyAdmin -- SQL injection (97fcc60a-6ec0-11ea-a84a-4c72b94353b5)

high Nessus Plugin ID 134923

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

phpMyAdmin Team reports:

PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password

PMASA-2020-3 SQL injection vulnerability relating to the search feature

PMASA-2020-4 SQL injection and XSS having to do with displaying results

Removing of the 'options' field for the external transformation

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?c125faf3

http://www.nessus.org/u?5aede1c5

Plugin Details

Severity: High

ID: 134923

File Name: freebsd_pkg_97fcc60a6ec011eaa84a4c72b94353b5.nasl

Version: 1.2

Type: local

Published: 3/26/2020

Updated: 5/7/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, p-cpe:/a:freebsd:freebsd:phpmyadmin-php72, p-cpe:/a:freebsd:freebsd:phpmyadmin-php73, p-cpe:/a:freebsd:freebsd:phpmyadmin-php74, p-cpe:/a:freebsd:freebsd:phpmyadmin5, p-cpe:/a:freebsd:freebsd:phpmyadmin5-php72, p-cpe:/a:freebsd:freebsd:phpmyadmin5-php73, p-cpe:/a:freebsd:freebsd:phpmyadmin5-php74, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/25/2020

Vulnerability Publication Date: 3/21/2020