Tenable5304.PRMphpMyAdmin < 2.11.10 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
81.4%
The remote web server is running a version of phpMyAdmin earlier than 2.11.10. Such versions are potentially affected by multiple vulnerabilities :
-
A cross-site request forgery attack because the application uses the βunserialize()β PHP function on potentially unsafe data in the setup script.(CVE-2009-4605)
-
An insecure file creation and deletion vulnerability due to the way phpMyAdmin creates temporary files.
Binary data 5304.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4605
www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
www.phpmyadmin.net/home_page/security/PMASA-2010-2.php
www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
81.4%