504034 : vulnerable phpMyAdmin version: 2.7.0-pl2

Risk 5 : Web Services

A remote attacker could execute arbitrary commands, conduct cross-site scripting attacks, disclose sensitive information, read arbitrary files, perform unauthorized actions, bypass clickJacking protection, or perform local file inclusion attacks.

phpMyAdmin is a web-based administration interface for MySQL.

Multiple Vulnerabilities Fixed in phpMyAdmin version 3.5.8.2 and 4.0.4.2

07/30/13 CVE 2013-4996 CVE 2013-4997 CVE 2013-5001 CVE 2013-5003 phpMyAdmin version prior to 3.5.8.2 and 4.0.4.2 is prone to multiple vulnerabilities because the application fails to sanitize input passed via:

the "User", "Host", "db", and "Command" parameters in the Status Monitor view. link to an object before being used to display the contents of a table. the "scale" POST parameter to pmd_pdf.php and via the pdf_page_number POST parameter to schema_export.php

Two Vulnerabilities Fixed in phpMyAdmin version 4.0.0-rc3

05/21/13 CVE 2013-3240 CVE 2013-3241 Two vulnerabilities were fixed in phpMyAdmin version 4.0.0-rc3. The vulnerabilities are:

Local file inclusion vulnerability due to input passed not correctly validated in the Export feature. A possible global variables overwrite in export.php due to an export script which generates global variables from $_POST superglobal.

Locally Saved SQL Dump File Multiple File Extension Remote Code Execution

05/21/13 CVE 2013-3239 phpMyAdmin versions 3.5.x and prior and 4.0.0 are prone to file extension remote code execution because the application can be configured to save a double extension file like foobar.php.sql, on the web server, via its SaveDir directive. Apache webserver might treat this saved file as a ".php" script and may lead to remote code execution.

Cross-site Scripting Vulnerabilities Fixed in phpMyAdmin version 3.5.8

05/21/13 CVE 2013-1937 phpMyAdmin prior to version 3.5.8 is prone to cross-site scripting vulnerability because of unescaped HTML output in GIS visualization page.

A Vulnerability is Fixed in phpMyAdmin version 3.5.3

05/21/13 CVE 2012-5368 phpMyAdmin prior to version 3.5.3 is prone to man-in-the-middle attack. When fetching the version information from a non-SSL site, a piece of JavaScript is fetched from the phpmyadmin.net website in non-SSL mode which could lead to further attacks.

Multiple Cross-site Scripting Vulnerabilities Fixed in phpMyAdmin version 3.5.3

05/21/13 CVE 2012-5339 phpMyAdmin prior to version 3.5.3 is prone to multiple cross-site scripting vulnerability because of unescaped HTML output in Trigger, Procedure and Event pages.

preg_replace Function Code Injection

05/20/13 CVE 2013-3238 phpMyAdmin versions 3.5.x and prior and 4.0.0 are prone to a remote PHP code-injection vulnerability. The vulnerability exists because input passed to preg_replace() function is not properly sanitized when using the "Replace table prefix" feature. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process.

Bookmark Security Bypass Vulnerability

03/01/11 CVE 2011-0987 phpMyAdmin before 2.11.11.3 and 3.3.9.2 is prone to a security-bypass vulnerability that affects bookmarks. Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions.

Database Search Cross Site Scripting Vulnerability

12/13/10 CVE 2010-4329 phpMyAdmin before 3.3.8.1 and 2.11.11.1 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Multiple Cross Site Scripting Vulnerabilities

09/02/10 CVE 2010-3056 phpMyAdmin 2.11.x prior to 2.11.10.1 and phpMyAdmin 3.x prior to 3.3.5.1 are prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Configuration File PHP Code Injection Vulnerability

09/02/10 CVE 2010-3055 phpMyAdmin before 2.11.10.1 is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.

Vulnerabilities fixed in 2.11.10

02/02/10 CVE 2008-7251 CVE 2008-7252 CVE 2009-4605 phpMyAdmin before 2.11.10 is prone to multiple vulnerabilities, which can be exploited by malicious users to manipulate certain data and potentially perform certain actions with escalated privileges, and by malicious people to bypass certain security restrictions.

SQL Injection and Cross Site Scripting Vulnerabilities

11/12/09 CVE 2009-3696 CVE 2009-3697 phpMyAdmin before 2.11.9.6 and 3.2.2.1 is prone to an SQL-injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. db Parameter Cross Site Scripting Vulnerability

07/28/09 phpMyAdmin 3.3.0-dev and prior are prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

setup.php PHP Code Injection Vulnerability

04/20/09 CVE 2009-1151 phpMyAdmin before 2.11.9.5 and 3.1.3.1 is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process.

table Parameter SQL Injection Vulnerability

12/19/08 CVE 2008-5622 phpMyAdmin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

pmd_pdf.php Cross-Site Scripting

11/12/08 CVE 2008-4775 phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Vulnerability fixed in 2.11.9.1

09/30/08 CVE 2008-4096 Versions prior to 2.11.9.1 contain a vulnerability which allows remote authenticated users to inject arbitrary code passed to the sort_by parameter in server_databases.php.

Vulnerabilities fixed in 2.11.8

08/20/08 CVE 2008-3456 CVE 2008-3457 Versions prior to 2.11.8 contain a vulnerability which allows attackers to use any script except for index.php for spoofing and phishing. These versions also contain a vulnerability in which input from config/config.inc.php to scripts/setup.php is not properly sanitized. Attackers can exploit this to execute arbitrary HTML and script code.

Vulnerability fixed in 2.11.7.1

07/22/08 CVE 2008-3197 Versions prior to 2.11.7.1 have a cross-site request forgery vulnerability allowing attackers to perform unauthorized actions via a link or IMG tag.

Vulnerability fixed in 2.11.7

06/26/08 CVE 2008-2960 Versions prior to 2.11.7 have a cross-site scripting vulnerability in cases where PHP variable register_globals is on and the web server does not apply the settings contained in the .htaccess file for /libraries.

File Disclosure on Shared Hosts

05/09/08 CVE 2008-1924 An undisclosed vulnerability in phpMyAdmin prior to 2.11.5.2 could allow remote attackers to view arbitrary files on the server by sending a specially crafted HTTP POST request.

Sensitive Information Available Locally

04/07/08 CVE 2008-1567 phpMyAdmin before 2.11.5.1 has an information gathering vulnerability. This is caused by the fact that the program stores the MySQL username, password, and the Blowfish secret key in plaintext in the /tmp Session file, which allows local users to obtain sensitive information.

$_REQUEST Crafted Cookie SQL injection

03/10/08 CVE 2008-1149 phpMyAdmin prior to 2.11.5 accesses $_REQUEST for certain parameters prior to $_GET and $_POST allowing attackers to override certain variables for SQL and Cross-site Request Forgery vulnerabilities.

Cross-site scripting vulnerabilities fixed in 2.11.2.2

11/29/07 CVE 2007-6100 phpMyAdmin prior to 2.11.2.2 has a cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php.

Vulnerabilities fixed in 2.11.2.1

11/29/07 CVE 2007-5976 CVE 2007-5977 phpMyAdmin prior to 2.11.2.1 has a SQL injection vulnerability in db_create.php which allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. It also has a cross-site scripting (XSS) vulnerability in db_create.php.

Cross-site scripting vulnerabilities in 2.10.3

08/27/07 CVE 2007-4306 phpMyAdmin 2.10.3 and prior have multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML.

Cross-site scripting vulnerabilities fixed in 2.10.1

05/04/07 CVE 2007-2245 phpMyAdmin prior to version 2.10.1 has several cross-site scripting vulnerabilities including the fieldkey parameter to browse_foreigners.php and certain input to the PMA_sanitize function.

Cross-site scripting vulnerability in 2.8.1

01/23/07 CVE 2007-0341 phpMyAdmin version 2.8.1 and prior have a cross-site scripting vulnerability when used with Internet Explorer 6.

Vulnerabilities fixed by 2.9.2

01/23/07 CVE 2007-0095 CVE 2007-0203 CVE 2007-0204 phpMyAdmin version 2.9.2 fixes several vulnerabilities including cross-site scripting and information disclosure.

Vulnerabilities fixed by 2.9.1.1

12/04/06 CVE 2006-6942 CVE 2006-6943 CVE 2006-6944 Multiple cross-site scripting and information disclosure vulnerabilities in phpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary web script in multiple locations. In addition there are a number of full path disclosure vulnerabilities.

Vulnerabilities fixed by 2.9.0.1 and 2.9.1-rc1

11/14/06 CVE 2006-5116 CVE 2006-5117 phpMyAdmin before 2.9.0.1 and 2.9.1-rc1 have an information gathering vulnerability caused by insufficient access control on a libraries directory and multiple cross-site request forgery vulnerabilities.

Cross-site scripting vulnerability in error.php

11/09/06 CVE 2006-5718 phpMyAdmin from 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message.

Unknown Cross-site scripting in 2.8.1 and earlier

04/17/06 07/11/06 CVE 2006-1678 CVE 2006-3388 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before version 2.8.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

set_theme cross-site scripting

03/31/06 CVE 2006-1258 phpMyAdmin version 2.8.0.1 has a vulnerability that allows cross-site scripting using the set_theme parameter to the index.php program.

The multiple vulnerabilities fixed in phpMyAdmin version 3.5.8.2 and 4.0.4.2 were reported in http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php PMASA-2013-9, http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php PMASA-2013-13, and http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php PMASA-2013-15.

The two vulnerabilities fixed in phpMyAdmin version 4.0.0-rc3 were reported in http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php PMASA-2013-4 and http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php PMASA-2013-5.

The locally saved SQL dump file multiple file extension remote code execution was reported in http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php PMASA-2013-3.

The cross-site scripting vulnerabilities fixed in phpMyAdmin version 3.5.8 were reported in http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php PMASA-2013-1.

The vulnerability fixed in phpMyAdmin version 3.5.3 was reported in http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php PMASA-2012-7.

The multiple cross-site scripting vulnerabilities fixed in phpMyAdmin version 3.5.3 were reported in http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php PMASA-2012-6.

The preg_replace function code injection vulnerability was reported in http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php PMASA-2013-2.

The Bookmark Security Bypass vulnerability was reported in http://www.securityfocus.com/bid/46359/ Bugtraq ID 46359.

The Database Search Cross Site Scripting vulnerability was reported in http://www.securityfocus.com/bid/45100/ Bugtraq ID 45100.

The multiple Cross Site Scripting vulnerabilities were reported in http://www.securityfocus.com/bid/42584/ Bugtraq ID 42584.

The Configuration File PHP Code Injection vulnerability was reported in http://www.securityfocus.com/bid/42591/ Bugtraq ID 42591.

The vulnerabilities fixed in 2.11.10 were reported in http://secunia.com/advisories/38211 Secunia Advisory SA38211.

The SQL Injection and Cross Site Scripting vulnerabilities were reported in http://www.securityfocus.com/bid/36658 Bugtraq ID 36658.

The db Parameter Cross Site Scripting vulnerability was reported in http://www.securityfocus.com/bid/35531/ Bugtraq ID 35531.

The setup.php PHP Code Injection vulnerability was reported in http://www.securityfocus.com/bid/34236 Bugtraq ID 34236.

The table Parameter SQL Injection was reported in http://www.securityfocus.com/bid/32720 Bugtraq ID 32720.

The pmd_pdf.php Cross-Site Scripting was reported in http://www.securityfocus.com/bid/31928 Bugtraq ID 31928.

The vulnerability fixed in 2.11.9.1 was reported in http://www.securityfocus.com/bid/31188 Bugtraq ID 31188.

The vulnerabilities fixed in 2.11.8 were reported in http://secunia.com/advisories/31263 Secunia Advisory SA31263.

The vulnerability fixed in 2.11.7.1 was reported in http://secunia.com/advisories/31115 Secunia Advisory SA31115.

The vulnerability fixed in 2.11.7 was reported in http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4 PMASA-2008-4.

The file disclosure vulnerability on shared hosts was reported in http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3 PMASA-2008-3.

The sensitive information available locally vulnerability was reported in http://secunia.com/advisories/29613/ Secunia Advisory SA29613 and http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 PMASA-2008-2.

The $_REQUEST Crafted Cookie SQL injection was reported in http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1 PMASA-2008-1.

The cross-site scripting vulnerabilities fixed in 2.11.2.2 were reported in http://secunia.com/advisories/27748/ Secunia Advisory SA27748.

The vulnerabilities fixed by 2.11.2.1 were reported in http://secunia.com/advisories/27630/ Secunia Advisory SA27630.

The cross-site scripting vulnerabilities in 2.10.3 were reported in http://pridels-team.blogspot.com/2007/08/phpmyadmin-multiple-xss-vuln.html phpMyAdmin-multiple-xss-vuln.html.

The cross-site scripting vulnerabilities fixed in 2.10.1 were reported in http://secunia.com/advisories/24952/ Secunia Advisory SA24952 and http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 PMASA-2007-4.

The cross-site scripting vulnerability in 2.8.1 was reported in http://www.securityfocus.com/archive/1/456726 Bugtraq archive 456726.

The vulnerabilities fixed by 2.9.2 were reported in http://www.phpmyadmin.net/home_page/downloads.php Version 2.9.2 release notes.

The vulnerabilities fixed by 2.9.1.1 were reported in http://www.securityfocus.com/bid/21137 Bugtraq ID 21137.

The vulnerabilities fixed by 2.9.0.1 and 2.9.1-rc1 were reported in http://www.securityfocus.com/bid/20253 Bugtraq ID 20253.

The cross-site scripting vulnerability in error.php was reported in http://www.securityfocus.com/bid/20856 Bugtraq ID 20856.

The unknown cross-site scripting vulnerabilities were reported in http://www.securityfocus.com/bid/17390 Bugtraq ID 17390 and http://www.securityfocus.com/archive/1/438870 Bugtraq.

The set_theme cross-site scripting vulnerability was reported in http://www.securityfocus.com/bid/17142 Bugtraq ID 17142.

Solution:

phpMyAdmin should be http://www.phpmyadmin.net/home_page/downloads.php upgraded to 3.5.8.2 or higher for version 3.5.x, or 4.0.5 or higher for version 4.0.0.

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Coorporation : 2010-03-24
New Search
Keywords
Risk Factor
Start Date
End Date
Browse