This host is running phpMyAdmin and is prone to multiple vulnerabilities.

Successful exploitation will let the attacker cause XSS, Directory Traversal attacks or can injection malicious PHP Codes to gain sensitive information about the remote host.

Upgrade to version 2.11.9.5 or 3.1.3.1 http://www.phpmyadmin.net/home_page/downloads.php Workaround: Update the existing PHP files from the below SVN Revisions. http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12302 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12303 ***** Note: Igone the warning, if already replaced according to the fixed svn revision numbers. *****

Multiple flaws are due to, - BLOB streaming feature in 'bs_disp_as_mime_type.php' causes CRLF Injection which lets the attacker inject arbitrary data in the HTTP headers through the 'c_type' and 'file_type' parameters. - XSS Vulnerability in 'display_export.lib.php' as its not sanitizing the 'pma_db_filename_template' parameter. - Static code injection vulnerability in 'setup.php' which can be used to inject PHP Codes. - Filename 'bs_disp_as_mime_type.php' which is not sanitizing user supplied inputs in the filename variable which causes directory traversal attacks.

phpMyAdmin version 2.11.x to 2.11.9.4 and 3.0.x to 3.1.3

• http://secunia.com/advisories/34430
• http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
• http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
• http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

---

Updated on 2015-03-25