Summary
The host is running phpMyAdmin and is prone to security bypass vulnerability.
Impact
Successful exploitation will let the unauthenticated attackers to display information related to PHP.
Impact Level: Application
Solution
Upgrade to phpMyAdmin version 3.4.0-beta1 or later http://www.phpmyadmin.net/home_page/downloads.php
Insight
The flaw is caused by missing authentication in the 'phpinfo.php' script when 'PMA_MINIMUM_COMMON' is defined. This can be exploited to gain knowledge of sensitive information by requesting the file directly.
Affected
phpMyAdmin version prior to 3.4.0-beta1.
References
Severity
Classification
-
CVE CVE-2010-4481 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities