Detections
Analytics
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)
medium Nessus Plugin ID 79588
Language:
Synopsis
The remote Mandriva Linux host is missing a security update.Description
Multiple vulnerabilities has been discovered and corrected in phpmyadmin :- Multiple XSS vulnerabilities (CVE-2014-8958).
- Local file inclusion vulnerability (CVE-2014-8959).
- XSS vulnerability in error reporting functionality (CVE-2014-8960).
- Leakage of line count of an arbitrary file (CVE-2014-8961).
This upgrade provides the latest phpmyadmin version (4.2.12) to address these vulnerabilities.
Solution
Update the affected phpmyadmin package.See Also
https://sourceforge.net/p/phpmyadmin/news/
http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
Plugin Details
Severity: Medium
ID: 79588
File Name: mandriva_MDVSA-2014-228.nasl
Version: 1.7
Type: local
Family: Mandriva Local Security Checks
Published: 11/27/2014
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:phpmyadmin, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 11/26/2014
Reference Information
CVE: CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961
BID: 71243, 71244, 71245, 71247
MDVSA: 2014:228