Summary
The host is running phpMyAdmin and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Upgrade to phpMyAdmin 3.4.6 or apply the patch from the links below:
http://www.phpmyadmin.net/home_page/downloads.php
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d35cba980893aa6e6455fd6e6f14f3e3f1204c52
Insight
The flaw is due to insufficient validation of the 'js_frame' parameter in 'phpmyadmin.css.php', which allows attackers to disclose information that could be used in further attacks.
Affected
phpMyAdmin version 3.4.5 and prior
Severity
Classification
- CVE: CVE-2011-3646
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N