Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

The remote host is affected by the vulnerability described in GLSA-201201-01 (phpMyAdmin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in phpMyAdmin. Please       review the CVE identifiers and phpMyAdmin Security Advisories referenced       below for details.
  Impact :

    Remote attackers might be able to insert and execute PHP code, include       and execute local PHP files, or perform Cross-Site Scripting (XSS)       attacks via various vectors.
  Workaround :

    There is no known workaround at this time.

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2010-3055     The configuration setup script does not properly     sanitise its output file, which allows remote attackers     to execute arbitrary PHP code via a crafted POST     request. In Debian, the setup tool is protected through     Apache HTTP basic authentication by default.

  - CVE-2010-3056     Various cross site scripting issues have been discovered     that allow a remote attacker to inject arbitrary web     script or HTML.

Changes for 3.3.5.1 (2010-10-20) - [core] Fixed various XSS issues, see PMASA-2010-5 for more details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

phpMyAdmin Team reports :

It was possible to conduct a XSS attack using crafted URLs org POST parameters on several pages.

ID	Name	Product	Family	Severity
57433	GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
48924	Debian DSA-2097-1 : phpmyadmin - insufficient input sanitising	Nessus	Debian Local Security Checks	high
48420	Fedora 14 : phpMyAdmin-3.3.5.1-1.fc14 (2010-13402)	Nessus	Fedora Local Security Checks	medium
48396	FreeBSD : phpmyadmin -- Several XSS vulnerabilities (274922b8-ad20-11df-af1f-00e0814cab4e)	Nessus	FreeBSD Local Security Checks	medium
48395	Fedora 12 : phpMyAdmin-3.3.5.1-1.fc12 (2010-13258)	Nessus	Fedora Local Security Checks	medium
48392	Fedora 13 : phpMyAdmin-3.3.5.1-1.fc13 (2010-13249)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2010-3056

medium

Tenable Plugins

critical

high

medium

medium

medium

medium