Test ID:	1.3.6.1.4.1.25623.1.0.851672
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2017:3448-1)
Summary:	The remote host is missing an update for the 'phpMyAdmin'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'phpMyAdmin' package(s) announced via the referenced advisory. Vulnerability Insight: This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc#1074066, PMASA-2017-09) This update also contains all upstream improvements and bugfixes in version 4.7.7: - various display and UI fixes - PHP error fixes - Improved deteciton of MySQL server needing SSL connections - Support JSON datatype on MariaDB 10.2.7 and newer - Fix constructing ALTER query with AFTER - Fix changing password on MariaDB cluster Affected Software/OS: phpMyAdmin on openSUSE Leap 42.3, openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000499 https://www.exploit-db.com/exploits/45284/ http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/ http://www.securitytracker.com/id/1040163
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.