Bug 20132 - phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
Summary: phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
Status: CLOSED NOTABUG
Alias: None
Product: ALT Linux Server
Classification: Distributions
Component: security
Version: snapshot
Hardware: all Linux
Importance: P3 normal
Assignee: Anton V. Boyarshinov
QA Contact: Andrey Cherepanov
URL: http://www.phpmyadmin.net/home_page/s...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-21 23:44 MSD by Slava Dubrovskiy
Modified: 2011-03-23 00:15 MSK (History)
See Also:
Description Slava Dubrovskiy 2009-05-21 23:44:53 MSD
The remote web server contains a PHP application that is prone to several flaws.

Description:

The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability, which can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web server user id.

In addition, the application fails to sanitize user-supplied input to the 'hash' parameter in the 'left.php' and 'queryframe.php' scripts as well as the 'sort_order' and 'sort_by' parameters in the 'server_databases.php' script before using it to generate dynamic HTML, which can lead to cross-site scripting attacks against the affected application.


http://www.phpmyadmin.net/home_page/security/PMASA-2005-5.php
http://cgi.nessus.org/cve.php3?cve=CVE-2005-3300
http://cgi.nessus.org/cve.php3?cve=CVE-2005-3301

Solution: Upgrade to phpMyAdmin 2.6.4-pl3 or later.
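As an added illustration (not phpMyAdmin's own code, which the report does not quote), a hypothetical snippet of the unescaped-reflection pattern the report describes for the 'hash' parameter beside its hardened form, plus an allowlist approach for the 'sort_by' and 'sort_order' values; the function names, the sample input and the allowed sort values are assumptions:

```php
<?php
// Added example, not phpMyAdmin code: shows the reported pattern of
// reflecting a request parameter into generated HTML without escaping.

// Vulnerable shape: the value is concatenated into markup verbatim, so
// any markup or quote characters in ?hash=... become part of the page.
function render_link_vulnerable(string $hash): string
{
    return '<a href="left.php?hash=' . $hash . '">' . $hash . '</a>';
}

// Hardened shape: URL-encode the value that goes into the query string,
// and HTML-escape for the output context. ENT_QUOTES covers both quote
// styles, so the value is inert inside attribute values as well as text.
function render_link_safe(string $hash): string
{
    $param = htmlspecialchars(rawurlencode($hash), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $text  = htmlspecialchars($hash, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="left.php?hash=' . $param . '">' . $text . '</a>';
}

// For sort_by / sort_order only a fixed set of values is meaningful, so an
// allowlist is stricter than escaping: anything unknown falls back to a
// default and never reaches the output. (Allowed values are assumed here.)
function normalize_sort(string $sortBy, string $sortOrder): array
{
    $allowedBy    = ['name', 'collation', 'tables'];
    $allowedOrder = ['ASC', 'DESC'];
    $by    = in_array($sortBy, $allowedBy, true) ? $sortBy : 'name';
    $upper = strtoupper($sortOrder);
    $order = in_array($upper, $allowedOrder, true) ? $upper : 'ASC';
    return [$by, $order];
}

// Constructed sample input carrying a tag and quotes, the kind of value a
// scanner sends to detect reflection without encoding.
$sample = '<b>"x"</b>';
echo render_link_vulnerable($sample), "\n";
echo render_link_safe($sample), "\n";
[$by, $order] = normalize_sort('<b>bad</b>', 'desc');
echo $by, ' ', $order, "\n";
```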
Comment 1 Vladimir V. Kamarzin 2009-05-22 09:09:25 MSD
Will the maintainer fix this in the branches?
Comment 2 Vladimir Lettiev 2009-05-22 11:16:36 MSD
Is this particular bug actually relevant? Server (4.0.1) ships phpMyAdmin version 2.10.1. Though I don't dispute that it should be updated to 2.11.9.5, since there are plenty of other security problems there.
Comment 3 Kulik Dmitriy 2011-03-23 00:15:32 MSK
The bug has gone stale.