phpMyAdmin 3.4.x < 3.4.11.1 / 3.5.x < 3.5.2.2 Multiple XSS (PMASA-2012-4)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a PHP application that is affected by
multiple cross-site scripting vulnerabilities.

Description :

According to its self-identified version number, the phpMyAdmin
install hosted on the remote web server is affected by multiple
cross-site scripting vulnerabilities. Using a crafted table name, it's
possible to produce the issue with the following pages / conditions :

- The Database Structure page by creating a table with a
crafted name or using the Empty and Drop links of the
crafted table name.

- The Table Operations page of a crafted table by using
the 'Empty the table (TRUNCATE)' and 'Delete the table
(DROP)' links.

- The Triggers page of a database containing tables with
a crafted name when opening the 'Add Trigger' pop-up.

- When creating a trigger for a table with a crafted name
with an invalid definition.

- When visualizing GIS data having a crafted label name.

Note that version 3.4.x is only affected by the issues on the Database
Structure page, while versions 3.5.x are affected by all the issues
listed.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php

Solution :

Upgrade to phpMyAdmin 3.4.11.1 / 3.5.2.2 or later. Alternatively,
apply the patch referenced in the vendor security advisory.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 61659 ()

Bugtraq ID: 55068
73624

CVE ID: CVE-2012-4345
CVE-2012-4579