
Test ID: 1.3.6.1.4.1.25623.1.0.808241
Category: Web application abuses
Title: phpMyAdmin Multiple Vulnerabilities (PMASA-2016-24, PMASA-2016-26, PMASA-2016-27, PMASA-2016-28) - Windows
Summary: phpMyAdmin is prone to multiple vulnerabilities.
Description:
Summary:
phpMyAdmin is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The Transformation implementation does not use the no-referrer Content
Security Policy (CSP) protection mechanism.

- Multiple input validation errors.

- An improper selection of delimiters to prevent use of the preg_replace
e (aka eval) modifier.

- An improper handling of error messages.

- An insufficient validation of 'scripts' parameter in 'js/get_scripts.js.php'
script.

- An improper sanitization of URI.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to inject arbitrary web script or HTML or arbitrary PHP code via
crafted parameters, execute arbitrary SQL commands, cause a denial of
service, obtain sensitive information and conduct CSRF attacks.

Affected Software/OS:
phpMyAdmin versions 4.0.x before 4.0.10.16,
4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 on Windows.

Solution:
Update to version 4.0.10.16, 4.4.15.7, 4.6.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-5739
BugTraq ID: 91389
http://www.securityfocus.com/bid/91389
Debian Security Information: DSA-3627
http://www.debian.org/security/2016/dsa-3627
https://security.gentoo.org/glsa/201701-32
SuSE Security Announcement: openSUSE-SU-2016:1699
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
SuSE Security Announcement: openSUSE-SU-2016:1700
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5733
BugTraq ID: 91390
http://www.securityfocus.com/bid/91390
Common Vulnerability Exposure (CVE) ID: CVE-2016-5734
BugTraq ID: 91387
http://www.securityfocus.com/bid/91387
https://www.exploit-db.com/exploits/40185/
Common Vulnerability Exposure (CVE) ID: CVE-2016-5731
Common Vulnerability Exposure (CVE) ID: CVE-2016-5732
Common Vulnerability Exposure (CVE) ID: CVE-2016-5730
BugTraq ID: 91379
http://www.securityfocus.com/bid/91379
Common Vulnerability Exposure (CVE) ID: CVE-2016-5706
BugTraq ID: 91376
http://www.securityfocus.com/bid/91376
Common Vulnerability Exposure (CVE) ID: CVE-2016-5704
Common Vulnerability Exposure (CVE) ID: CVE-2016-5705
BugTraq ID: 91378
http://www.securityfocus.com/bid/91378
Common Vulnerability Exposure (CVE) ID: CVE-2016-5703
BugTraq ID: 91381
http://www.securityfocus.com/bid/91381
Common Vulnerability Exposure (CVE) ID: CVE-2016-5702
Copyright: Copyright (C) 2016 Greenbone AG
