| VID |
210161 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.19, 4.4.x prior to 4.4.15.10, or 4.6.x prior to 4.6.6. It is, therefore, affected by the following vulnerabilities :
- An open redirect vulnerability exists due to a failure to validate request paths before returning them to users. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect the user from the intended legitimate website to an arbitrary website of the attacker's choosing. (PMASA-2017-1, VulnDB 151006)
- An arbitrary code execution vulnerability exists in the php-gettext component in the select_string() function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (PMASA-2017-2, CVE-2015-8980)
- A denial of service vulnerability exists in the goto() function due to improper handling of table data. An unauthenticated, remote attacker can exploit this to launch a recursive include operation, resulting in a denial of service condition. (PMASA-2017-3, VulnDB 151008)
- A flaw exists due to a failure to sanitize input passed via cookie parameters. An unauthenticated, remote attacker can exploit this to inject arbitrary CSS in themes. (PMASA-2017-4, VulnDB 151009)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to inject arbitrary values into browser cookies. (PMASA-2017-5, CVE-2016-5702)
- A server-side request forgery vulnerability exists that allows an authenticated, remote attacker to bypass access restrictions (e.g. host or network ACLs) and
connect to hosts without the appropriate authorization. Note that this vulnerability only affects the 4.6.x version branch. (PMASA-2017-6, VulnDB 151021)
- A denial of service vulnerability exists in the replication status functionality due to improper handling of specially crafted table names. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (PMASA-2017-7, VulnDB 151011)
* References:
https://www.phpmyadmin.net/security/PMASA-2017-1/
https://www.phpmyadmin.net/security/PMASA-2017-2/
https://www.phpmyadmin.net/security/PMASA-2017-3/
https://www.phpmyadmin.net/security/PMASA-2017-4/
https://www.phpmyadmin.net/security/PMASA-2017-5/
https://www.phpmyadmin.net/security/PMASA-2017-6/
https://www.phpmyadmin.net/security/PMASA-2017-7/
* Platforms Affected:
phpMyAdmin 4.0.x prior to 4.0.10.19
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of phpMyAdmin (4.0.10.19 or later), available from the phpMyAdmin Download Web page at
http://www.phpmyadmin.net/home_page/downloads.php |
| Related URL |
CVE-2015-8980,CVE-2016-5702 (CVE) |
| Related URL |
91380,95754 (SecurityFocus) |
| Related URL |
(ISS) |
|
