Detections
Analytics
FreeBSD : phpMyAdmin -- CSRF vulnerability in login form (a5681027-8e03-11e9-85f4-6805ca0b3d42)
medium Nessus Plugin ID 125936
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
The phpMyAdmin development team reports : Summary CSRF vulnerability in login form Description A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim. Severity We consider this vulnerability to be severe. Mitigation factor Only the 'cookie' auth_type is affected; users can temporary use phpMyAdmin's http authentication as a workaround.Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 125936
File Name: freebsd_pkg_a56810278e0311e985f46805ca0b3d42.nasl
Version: 1.2
Type: local
Family: FreeBSD Local Security Checks
Published: 6/17/2019
Updated: 6/20/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, p-cpe:/a:freebsd:freebsd:phpmyadmin-php56, p-cpe:/a:freebsd:freebsd:phpmyadmin-php70, p-cpe:/a:freebsd:freebsd:phpmyadmin-php71, p-cpe:/a:freebsd:freebsd:phpmyadmin-php72, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/13/2019
Vulnerability Publication Date: 6/4/2019
Reference Information
CVE: CVE-2019-12616