Alpine: multiple phpmyadmin packages: security update to 4.0.4.1-r0 (deprecated)

high Tenable Self-Hosted Container Security Plugin ID 401142

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow
remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or
(2) the pdf_page_number parameter to schema_export.php. (CVE-2013-5003)

- Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2
allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is
not properly handled during the display of row information. (CVE-2013-4995)

- Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before
4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted
database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted
entry in a certain proxy list, or (5) crafted content in a version.json file. (CVE-2013-4996)

- Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote
attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor
identifier to setup/index.php or (2) a chartTitle (aka chart title) value. (CVE-2013-4997)

- phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive
information via an invalid request, which reveals the installation path in an error message, related to
pmd_common.php and other files. (CVE-2013-4998)

See Also

https://git.alpinelinux.org/aports/commit/?id=7e9fb47864554558b3b7d20564b0dcf1a3ab9924

https://git.alpinelinux.org/aports/commit/?id=b6fd6a62542fc140d5d957f2e1820e1a06e6d5cf

Plugin Details

Severity: High

ID: 401142

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2013-5003

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 8/1/2013

Vulnerability Publication Date: 7/28/2013

Reference Information

CVE: CVE-2013-4995, CVE-2013-4996, CVE-2013-4997, CVE-2013-4998, CVE-2013-4999, CVE-2013-5000, CVE-2013-5001, CVE-2013-5002, CVE-2013-5003

BID: 61510, 61511, 61512, 61513, 61515, 61516, 61919, 61921, 61923