FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)

high Nessus Plugin ID 110675

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The phpMyAdmin development team reports : Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Severity We consider this attack to be of moderate severity. Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include (view and potentially execute) files on the server.

The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages.

An attacker must be authenticated, except in these situations :

- $cfg['AllowArbitraryServer'] = true: attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin

- $cfg['ServerDefault'] = 0: this bypasses the login and runs the vulnerable code without any authentication Severity We consider this to be severe. Mitigation factor Configuring PHP with a restrictive `open_basedir` can greatly restrict an attacker's ability to view files on the server. Vulnerable systems should not be run with the phpMyAdmin directives $cfg['AllowArbitraryServer'] = true or $cfg['ServerDefault'] = 0

Solution

Update the affected package.

See Also

https://www.phpmyadmin.net/security/PMASA-2018-3/

https://www.phpmyadmin.net/security/PMASA-2018-4/

http://www.nessus.org/u?d30c0ecb

Plugin Details

Severity: High

ID: 110675

File Name: freebsd_pkg_17cb6ff3767011e888546805ca0b3d42.nasl

Version: 1.13

Type: local

Published: 6/25/2018

Updated: 5/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/22/2018

Vulnerability Publication Date: 6/21/2018

Exploitable With

Metasploit (phpMyAdmin Authenticated Remote Code Execution)

Elliot (phpMyAdmin 4.8.1 RCE)

Reference Information

CVE: CVE-2018-12581, CVE-2018-12613