Detections
Analytics

phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple Vulnerabilities

medium Nessus Plugin ID 143489

Language:

Synopsis

The remote web server hosts a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.15, 4.4.x prior to 4.4.15.5, or 4.5.x prior to 4.5.5.1. It is, therefore, affected by multiple vulnerabilities.

 - Cross-site scripting (XSS) vulnerability in the format function in libraries/sql- parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. (CVE-2016-2559)

 - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. (CVE-2016-2560)

 - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. (CVE-2016-2561)

 - The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. (CVE-2016-2562)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to phpMyAdmin version 4.0.10.15 / 4.4.15.5 / 4.5.5.1 or later.

See Also

https://www.phpmyadmin.net/security/PMASA-2016-10/

https://www.phpmyadmin.net/security/PMASA-2016-11/

https://www.phpmyadmin.net/security/PMASA-2016-12/

https://www.phpmyadmin.net/security/PMASA-2016-13/

Plugin Details

Severity: Medium

ID: 143489

File Name: phpmyadmin_pmasa_4_5_5_1.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 12/7/2020

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2016-2562

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/phpMyAdmin

Exploit Ease: No known exploits are available

Patch Publication Date: 3/1/2016

Vulnerability Publication Date: 3/1/2016

Reference Information

CVE: CVE-2016-2559, CVE-2016-2560, CVE-2016-2561, CVE-2016-2562

BID: 83704, 83711, 83717, 83718

CWE: 295, 661, 79