Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various security bugs. (CVE-2008-2960, CVE-2008-3197, CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326, CVE-2008-5621, CVE-2008-5622)

The remote host is affected by the vulnerability described in GLSA-200903-32 (phpMyAdmin: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in phpMyAdmin:
    libraries/database_interface.lib.php in phpMyAdmin allows remote     authenticated users to execute arbitrary code via a request to     server_databases.php with a sort_by parameter containing PHP sequences,     which are processed by create_function (CVE-2008-4096).
    Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote     attackers to inject arbitrary web script or HTML via the db parameter,     a different vector than CVE-2006-6942 and CVE-2007-5977     (CVE-2008-4775).
    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin allows     remote authenticated attackers to perform unauthorized actions as the     administrator via a link or IMG tag to tbl_structure.php with a     modified table parameter. NOTE: this can be leveraged to conduct SQL     injection attacks and execute arbitrary code (CVE-2008-5621).
    Multiple cross-site request forgery (CSRF) vulnerabilities in     phpMyAdmin allow remote attackers to conduct SQL injection attacks via     unknown vectors related to the table parameter, a different vector than     CVE-2008-5621 (CVE-2008-5622).
  Impact :

    A remote attacker may execute arbitrary code with the rights of the     webserver, inject and execute SQL with the rights of phpMyAdmin or     conduct XSS attacks against other users.
  Workaround :

    There is no known workaround at this time.

Michael Brooks discovered that phpMyAdmin, a tool to administrate MySQL over the web, performs insufficient input sanitising allowing a user assisted remote attacker to execute code on the webserver.

Improvements for 3.1.1.0: - [core] Navi panel server links wrong - [core] bad session.save_path not detected - [core] Re-login causes PMA to forget current table name - [export] do not include view name in export - [display] enable copying of auto increment by default - [core] do not bail out creating session on any PHP warning - [display] properly update tooltips in navigation frame - [core] do not use ctype if it is not available - [display] HeaderFlipType 'fake' problems - [display] Incorrect size for view - [display] Drop-down menu blinking in FF - [lang] Catalan update - [lang] Finnish update - [core] Avoid error with BLOBstreaming support requiring SUPER privilege - [security] possible CSRF on several pages

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The phpMyAdmin Team reports :

A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter.

The remote host is running phpMyAdmin, a web interface for administering MySQL database servers.  This version of phpMyAdmin is vulnerable to a SQL injection attack via the 'table' parameter of the 'tbl_structure.php script.  An attacker exploiting this flaw would need to send a specially formatted HTTP request containing the attackers SQL commands.  An attacker exploiting this flaw would be able to execute arbitrary SQL commands on the database server utilized by phpMyAdmin. 

ID	Name	Product	Family	Severity
40107	openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)	Nessus	SuSE Local Security Checks	high
35964	GLSA-200903-32 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
35664	Debian DSA-1723-1 : phpmyadmin - insufficient input sanitising	Nessus	Debian Local Security Checks	medium
35449	openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5935)	Nessus	SuSE Local Security Checks	high
35096	Fedora 8 : phpMyAdmin-3.1.1-1.fc8 (2008-11221)	Nessus	Fedora Local Security Checks	medium
35089	FreeBSD : phpmyadmin -- cross-site request forgery vulnerability (54f72962-c7ba-11dd-a721-0030843d3802)	Nessus	FreeBSD Local Security Checks	medium
4786	phpMyAdmin < 2.11.9.4 / 3.1.1.0 'tbl_structure.php' SQLi	Nessus Network Monitor	CGI	medium

Detections

Analytics

CVE-2008-5621

high

Tenable Plugins

high

high

medium

high

medium

medium

medium