phpMyAdmin 3.4.x < 3.4.9 Cross-Site Scripting (PMASA-2011-19 - PMASA-2011-20)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a PHP application that is affected by two
cross-site scripting vulnerabilities.

Description :

The version of phpMyAdmin hosted on the remote web server is 3.4.x
less than 3.4.9 and thus is reportedly affected by two cross-site
scripting vulnerabilities :

- The 'libraries/display_export.lib.php' script does not
  properly sanitize the '$_GET' array elements
  'limit_to', 'limit_from' and 'filename_template'
  before returning them to the client. (CVE-2011-4780)

- The 'libraries/config/ConfigFile.class.php' script does
  not properly sanitize input in the '$host' parameter
  before returning it to the client. Note that this issue
  relates to the '/setup' directory and configuration of
  the application and should not be exploitable if the
  recommended installation steps have been performed.
  (CVE-2011-4782)

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php

Solution :

Upgrade to phpMyAdmin version 3.4.9 or later.
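
The version range above (3.4.x before 3.4.9) can be applied to a list of reported phpMyAdmin versions as follows. This is an added example, not the Nessus plugin's code; the function names, the host names and the sample inventory are constructed for illustration, and treating a 3.4.9 pre-release as unfixed is an assumption.

```python
import re

BRANCH = (3, 4)      # the check above covers only the 3.4.x branch
FIXED = (3, 4, 9)    # first fixed release named in the Solution
PRERELEASE = ("rc", "beta", "alpha", "dev")

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:[-_ ]?(\w+))?$")


def triage(version):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unknown'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # version hidden, truncated or not a version at all
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = (m.group(5) or "").lower()
    if (major, minor) != BRANCH:
        return "out-of-scope"  # other branches are not covered by this check
    # Compare as integers: as strings, "3.4.10" would sort before "3.4.9".
    if (major, minor, patch) < FIXED:
        return "affected"
    # Assumption: a pre-release build of 3.4.9 itself is treated as unfixed.
    if (major, minor, patch) == FIXED and m.group(4) is None \
            and suffix.startswith(PRERELEASE):
        return "affected"
    return "fixed"


def triage_inventory(inventory):
    """Map each host to the triage result for its reported version."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (host -> version string reported by the app).
SAMPLE = {
    "db-admin-1.example.test": "3.4.8",
    "db-admin-2.example.test": "3.4.10",
    "db-admin-3.example.test": "3.4.9-rc1",
    "db-admin-4.example.test": "3.4.7.1",
    "db-admin-5.example.test": "3.5.0",
    "db-admin-6.example.test": "3.4",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Distribution packages may backport fixes without changing the upstream version number, so an 'affected' result for a packaged install should be confirmed against the vendor's advisory.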

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 57372

Bugtraq ID: 51166, 51226

CVE ID: CVE-2011-4780, CVE-2011-4782