FreeBSD Ports: PhpMyAdmin Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php http://www.vuxml.org/freebsd/db1d3340-e83b-11e1-999b-e0cb4e266481.html

Insight

The following package is affected: phpMyAdmin CVE-2012-4345 Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

Severity

Classification

CVE CVE-2012-4345

CVSS	Base Score: 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N

Related Vulnerabilities

FreeBSD Ports: phpldapadmin098
FreeBSD Ports: getmail
FreeBSD Ports: unzip, zh-unzip, ko-unzip
FreeBSD Ports: ja-groff
FreeBSD Ports: mailman, ja-mailman, mailman-with-htdig

FreeBSD Ports: phpMyAdmin

Take action and discover your vulnerabilities