Summary
The host is running phpMyAdmin and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Upgrade to phpMyAdmin 3.4.6 or apply the patch from the links below:
http://www.phpmyadmin.net/home_page/downloads.php
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d35cba980893aa6e6455fd6e6f14f3e3f1204c52
Insight
The flaw is due to insufficient validation of the 'js_frame' parameter in 'phpmyadmin.css.php', which allows attackers to disclose information that could be used in further attacks.
Affected
phpMyAdmin version 3.4.5 and prior
Severity
Classification
- CVE: CVE-2011-3646
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)