Summary
The host is running phpMyAdmin and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads.
Impact Level: Application
Solution
Upgrade to phpMyAdmin version 3.4.0 beta 3 or later.
For updates, refer to http://www.phpmyadmin.net/home_page/downloads.php
Insight
The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
phpMyAdmin versions 3.4.x before 3.4.0 beta 3
Severity
Classification
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe JRun Management Console Multiple Vulnerabilities
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability