
phpMyAdmin 4.0.10.x < 4.0.10.18 / 4.4.15.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities

Critical

Synopsis

The remote web server contains a version of phpMyAdmin that is affected by multiple vulnerabilities.

Description

Versions of phpMyAdmin 4.0.10.x prior to 4.0.10.18, 4.4.15.x prior to 4.4.15.9, and 4.6.x prior to 4.6.5 are unpatched, and therefore affected by the following vulnerabilities:

- A flaw exists in 'blowfish_secret' that is triggered as key values are created using an insecure algorithm. This may allow a context-dependent attacker to potentially decrypt cookies and steal sensitive information. (OSVDB 147893)
- A flaw exists in the 'phpinfo.php' script that is due to the script exposing the values of HttpOnly cookies. This may allow a remote attacker to gain access to potentially sensitive information. (OSVDB 147894)
- A flaw exists in the 'libraries/plugins/auth/AuthenticationCookie.php' script that is triggered when handling NULL bytes in usernames. This may allow a remote attacker to bypass "$cfg['Servers'][$i]['AllowRoot']" AllowRoot restrictions. (OSVDB 147895)
- A flaw exists in the 'libraries/ip_allow_deny.lib.php' script that is triggered by non-constant execution time during username matching. This may allow a remote attacker to bypass allow / deny rules. (OSVDB 147896)
- A flaw exists that is triggered when handling input supplied via the 'last_access_time' parameter. This may allow a remote attacker to bypass the logout timeout feature. (OSVDB 147897)
- A flaw exists in the 'libraries/VersionInformation.php' script related to the 'fopen' wrapper. This may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. (OSVDB 147898)
- A flaw exists in 'libraries/VersionInformation.php' related to the 'curl' wrapper. This may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. (OSVDB 147899)
- A flaw exists in the 'setCriterias()' function in 'libraries/SavedSearches.class.php' that is triggered as input passed via certain parameters is not properly sanitized in the saved search functionality. This may allow an authenticated remote attacker to cause a denial of service. (OSVDB 147900)
- A flaw exists in the 'import.php' script that is triggered as input passed via the skip value is not properly sanitized. This may allow an authenticated remote attacker to cause a denial of service. (OSVDB 147901)
- A flaw exists in the 'hash_hmac()' function in 'libraries/core.lib.php' that is triggered during the handling of MySQL host names. This may allow a remote attacker to cause a denial of service attack. (OSVDB 147902)
- A flaw exists in the 'PMA_linkURL()' function in 'libraries/core.lib.php' that is due to a limitation in URL matching. This may allow a remote attacker to bypass URL whitelist protection mechanisms. (OSVDB 147903)
- A flaw exists in the 'getErrorMessage()' function in 'libraries/plugins/AuthenticationPlugin.php' that is triggered during the handling of a specially crafted login request. This may allow a remote attacker to inject BBCode in the login page. (OSVDB 147904)
- A flaw exists in the 'libraries/tbl_partition_definition.inc.php' script that is triggered during the handling of a very large request to table partitioning function. This may allow an authenticated remote attacker to cause a denial of service. (OSVDB 147905)
- A flaw exists that may allow carrying out a SQL injection attack. The issue is due to the 'isTracked()' function in the 'libraries/Tracker.class.php' script not properly sanitizing input to the 'user' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 147906)
- A flaw exists that may allow carrying out a SQL injection attack. The issue is due to the 'PMA_exportAsFileDownload()' function in the 'libraries/tracking.lib.php' script not properly sanitizing input to the 'table' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 147907)
- A flaw exists in the 'PMA_safeUnserialize()' function in 'libraries/core.lib.php' that is triggered during the parsing of serialized strings. This may allow a remote attacker to bypass unserialization protection mechanisms. (OSVDB 147908)
- A flaw exists in the 'prefs_manage.php' script that is triggered as the CSRF tokens are not properly stripped from return URLs of the preference import action when 'arg_separator' differs from its default value. This may allow a context-dependent attacker to potentially disclose token information. (OSVDB 147909)
- A flaw exists that allows multiple cross-site scripting (XSS) attacks. This flaw exists because the program does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 148015)

Solution

Upgrade to phpMyAdmin version 4.6.5 or later. If 4.6.5 cannot be obtained, versions 4.4.15.9 and 4.0.10.18 have also been patched for these vulnerabilities.
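
The following is an added example, not part of the original advisory: a small Python check that classifies phpMyAdmin version strings against the three affected branches and fixed releases listed above. The function names, the "not-listed" status for versions outside those branches, and the sample inventory are assumptions made for illustration.

```python
import re

# Branch prefix -> first fixed release, exactly as listed in the advisory.
FIXED = {
    (4, 0, 10): (4, 0, 10, 18),
    (4, 4, 15): (4, 4, 15, 9),
    (4, 6): (4, 6, 5),
}


def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple.

    Suffixes such as '-rc1' or 'deb1' are ignored (assumption), so review
    pre-release builds of a fixed version by hand.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _pad(t, width):
    """Right-pad with zeros so 4.6 compares as 4.6.0."""
    return t + (0,) * (width - len(t))


def check(version_text):
    """Return (status, fixed_release); status is affected/patched/not-listed."""
    v = parse_version(version_text)
    for branch, fixed in FIXED.items():
        if v[:len(branch)] == branch:
            width = max(len(v), len(fixed))
            status = "affected" if _pad(v, width) < _pad(fixed, width) else "patched"
            return status, ".".join(map(str, fixed))
    # The advisory makes no statement about other branches.
    return "not-listed", None


# Constructed sample inventory (host -> reported version); not from the advisory.
SAMPLE = {"db-admin-01": "4.6.4", "db-admin-02": "4.4.15.9",
          "legacy-03": "4.0.10.17", "new-04": "4.7.0"}


def affected_hosts(inventory):
    """Hosts whose version falls in an affected range, sorted by name."""
    return sorted(h for h, ver in inventory.items() if check(ver)[0] == "affected")
```

A "not-listed" result means only that this advisory does not cover the branch; it says nothing about whether that version is vulnerable.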