Test ID:	1.3.6.1.4.1.25623.1.0.63450
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)
Summary:	The remote host is missing an update to phpMyAdmin;announced via advisory MDVSA-2009:026-1.
Description:	Summary: The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:026-1. Vulnerability Insight: Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote attackers to inject arbitrary web script or HTML by using db script parameter when register_global php parameter is enabled (CVE-2008-4775). Cross-site request forgery (CSRF) vulnerability in tbl_structure.php allows remote attackers perform SQL injection and execute arbitrary code by using table script parameter (CVE-2008-5621). Multiple cross-site request forgery (CSRF) vulnerabilities in allows remote attackers perform SQL injection by using unknown vectors related to table script parameter (CVE-2008-5622). This update provide the fix for these security issues. Update: The previous update packages wasn't signed, this time they are. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4775 BugTraq ID: 31928 http://www.securityfocus.com/bid/31928 Bugtraq: 20081027 XSS in phpMyadmin (Google Search) http://www.securityfocus.com/archive/1/497815/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html http://security.gentoo.org/glsa/glsa-200903-32.xml http://secunia.com/advisories/32449 http://secunia.com/advisories/32482 http://securityreason.com/securityalert/4516 http://www.vupen.com/english/advisories/2008/2943 XForce ISS Database: phpmyadmin-pmdpdf-xss(46136) https://exchange.xforce.ibmcloud.com/vulnerabilities/46136 Common Vulnerability Exposure (CVE) ID: CVE-2008-5621 BugTraq ID: 32720 http://www.securityfocus.com/bid/32720 Debian Security Information: DSA-1723 (Google Search) http://www.debian.org/security/2009/dsa-1723 https://www.exploit-db.com/exploits/7382 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html http://www.openwall.com/lists/oss-security/2009/02/12/1 http://osvdb.org/50894 http://secunia.com/advisories/33076 http://secunia.com/advisories/33146 http://secunia.com/advisories/33246 http://secunia.com/advisories/33822 http://secunia.com/advisories/33912 http://securityreason.com/securityalert/4753 SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.vupen.com/english/advisories/2008/3402 http://www.vupen.com/english/advisories/2008/3501 XForce ISS Database: phpmyadmin-tblstructure-csrf(47168) https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.