 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.801494 |
| Categoría: | Web application abuses |
| Título: | phpMyAdmin 'phpinfo.php' Security Bypass Vulnerability - Active Check |
| Resumen: | phpMyAdmin is prone to a security bypass vulnerability. |
| Descripción: | Summary: phpMyAdmin is prone to a security bypass vulnerability. Vulnerability Insight: The flaw is caused by missing authentication in the 'phpinfo.php' script when 'PMA_MINIMUM_COMMON' is defined. This can be exploited to gain knowledge of sensitive information by requesting the file directly. Vulnerability Impact: Successful exploitation will let the unauthenticated attackers to display information related to PHP. Affected Software/OS: phpMyAdmin versions prior to 3.4.0-beta1. Solution: Update to version 3.4.0-beta1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4481 Debian Security Information: DSA-2139 (Google Search) http://www.debian.org/security/2010/dsa-2139 http://www.mandriva.com/security/advisories?name=MDVSA-2011:000 http://secunia.com/advisories/42485 http://secunia.com/advisories/42725 http://www.vupen.com/english/advisories/2010/3238 http://www.vupen.com/english/advisories/2011/0001 http://www.vupen.com/english/advisories/2011/0027 |
| Copyright | Copyright (C) 2010 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |