Detections
Analytics
phpMyAdmin 3.3.1 - 4.1.6 XSS
low Nessus Network Monitor Plugin ID 8151
Synopsis
The remote web server contains a PHP application that is affected by a cross-site scripting vulnerability.Description
Versions of phpMyAdmin 3.3.1 through 4.1.6 (inclusive) are affected by a cross-site scripting vulnerability, due to insufficient user input sanitation of filenames within the 'import.php' script.Solution
Either upgrade to phpMyAdmin 4.1.7 or later, or apply the patches from the referenced link.See Also
http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php
Plugin Details
Severity: Low
ID: 8151
Family: CGI
Published: 3/6/2014
Updated: 3/6/2019
Nessus ID: 72714
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 3
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS v3
Risk Factor: Low
Base Score: 3.1
Temporal Score: 3
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:phpmyadmin:phpmyadmin
Patch Publication Date: 2/15/2014
Vulnerability Publication Date: 2/15/2014
Reference Information
CVE: CVE-2014-1879
BID: 65717