Summary
The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:026-1.
Solution
To upgrade automatically, use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026-1
Insight
Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote attackers to inject arbitrary web script or HTML via the db script parameter when the register_globals PHP parameter is enabled (CVE-2008-4775).
Cross-site request forgery (CSRF) vulnerability in tbl_structure.php allows remote attackers to perform SQL injection and execute arbitrary code via the table script parameter (CVE-2008-5621).
Multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to perform SQL injection via unknown vectors related to the table script parameter (CVE-2008-5622).
This update provides the fix for these security issues.
Update:
The previous update packages weren't signed; this time they are.
Affected: Corporate 4.0
Severity
Classification
CVE: CVE-2008-4775, CVE-2008-5621
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities