Multiple vulnerabilities in phpMyAdmin
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2011-2642 CVE-2011-2643 CVE-2011-2718 CVE-2011-2719 |
| CWE-ID | CWE-79 CWE-22 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
phpMyAdmin Web applications / Remote management & hosting panels |
| Vendor | phpMyAdmin |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU44861
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2011-2642
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted table name. Per: http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php 'The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name (the name containing Javascript code).' 'Mitigation factor The crafted table name must exist (the attacker must have access to create a table on the victim's server).'. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsphpMyAdmin: 2.11.0 - 3.4.3.1
CPE2.3- cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=4bd27166c314faa37cada91533b86377f4d4d214
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=a0823be05aa5835f207c0838b9cca67d2d9a050a
http://secunia.com/advisories/45315
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://www.debian.org/security/2011/dsa-2286
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
http://www.securityfocus.com/bid/48874
http://bugzilla.redhat.com/show_bug.cgi?id=725381
http://exchange.xforce.ibmcloud.com/vulnerabilities/68750
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU44862
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2011-2643
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled,. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsphpMyAdmin: 3.4.0.0 - 3.4.3.1
CPE2.3 External linkshttp://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
http://www.securityfocus.com/bid/48874
http://bugzilla.redhat.com/show_bug.cgi?id=725382
http://exchange.xforce.ibmcloud.com/vulnerabilities/68767
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU44863
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2718
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
MitigationInstall update from vendor's website.
Vulnerable software versionsphpMyAdmin: 3.4.0.0 - 3.4.3.1
CPE2.3 External linkshttp://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://osvdb.org/74111
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
http://www.securityfocus.com/bid/48874
http://bugzilla.redhat.com/show_bug.cgi?id=725383
http://exchange.xforce.ibmcloud.com/vulnerabilities/68768
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU44864
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2719
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.
MitigationInstall update from vendor's website.
Vulnerable software versionsphpMyAdmin: 3.0.0 - 3.4.3.1
CPE2.3- cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://osvdb.org/74112
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=571cdc6ff4bf375871b594f4e06f8ad3159d1754
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
http://seclists.org/fulldisclosure/2011/Jul/300
http://secunia.com/advisories/45315
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://securityreason.com/securityalert/8322
http://www.debian.org/security/2011/dsa-2286
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.securityfocus.com/archive/1/518967/100/0/threaded
http://www.securityfocus.com/archive/1/519155/100/0/threaded
http://www.securityfocus.com/bid/48874
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
http://bugzilla.redhat.com/show_bug.cgi?id=725384
http://exchange.xforce.ibmcloud.com/vulnerabilities/68769
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
