Synopsis
The remote web server hosts a PHP application that is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, or 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities:
- An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via a specially crafted request, to disclose the software's installation path. (CVE-2016-2038)
- A security bypass vulnerability exists because XSRF tokens are generated from cryptographically insecure, predictable random values. A remote attacker who can predict a token value can exploit this to bypass intended access restrictions and forge cross-site requests.
- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input to the home, database search, and zoom search pages. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2040)
- A security bypass vulnerability exists because XSRF tokens are compared without a constant-time algorithm. A remote attacker can exploit this, via a timing attack that measures how long the comparison takes, to recover a valid token and bypass intended access restrictions.
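The two XSRF-token findings above (predictable token generation and non-constant-time token comparison) are illustrated here as an added example in Python; this is not phpMyAdmin's code and does not reproduce its actual implementation. The weak generator, the seed window, and the early-exit compare are constructed stand-ins for the vulnerable patterns, shown beside their hardened forms. The token and seed values used in the usage call are made up for the demonstration.

```python
"""Added example (not phpMyAdmin's code): predictable XSRF tokens and
non-constant-time token comparison, each beside a hardened replacement."""
import hmac
import random
import secrets
from typing import Optional


def weak_token(seed: int) -> str:
    # Vulnerable pattern (constructed): token drawn from a non-cryptographic
    # PRNG seeded with a value an attacker can guess, e.g. a Unix timestamp.
    rng = random.Random(seed)
    return "".join(f"{rng.randrange(256):02x}" for _ in range(16))


def predict_weak_token(window_start: int, window_end: int, target: str) -> Optional[int]:
    # Attacker side: enumerate the plausible seed window and reproduce the
    # token. Returns the seed that regenerates `target`, or None.
    for seed in range(window_start, window_end + 1):
        if weak_token(seed) == target:
            return seed
    return None


def strong_token() -> str:
    # Hardened: 128 bits from the OS CSPRNG; there is no seed to enumerate.
    # (PHP equivalent: bin2hex(random_bytes(16)).)
    return secrets.token_hex(16)


def insecure_compare(a: str, b: str) -> bool:
    # Vulnerable pattern (constructed): returns at the first mismatching
    # character, so elapsed time reveals how many leading characters matched.
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


def insecure_compare_steps(a: str, b: str) -> int:
    # Number of character comparisons insecure_compare performs before
    # returning: a proxy for the timing signal a remote attacker measures.
    if len(a) != len(b):
        return 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


def secure_compare(a: str, b: str) -> bool:
    # Hardened: constant-time comparison whose duration does not depend on
    # where the first mismatch is. (PHP equivalent: hash_equals().)
    return hmac.compare_digest(a.encode(), b.encode())


if __name__ == "__main__":
    # Constructed demonstration values: a server that seeded its PRNG with a
    # timestamp, and an attacker who knows the request time to within 5 min.
    server_seed = 1453939200
    issued = weak_token(server_seed)
    recovered = predict_weak_token(server_seed - 300, server_seed + 300, issued)
    print("weak token:", issued, "-> seed recovered:", recovered)
    print("strong token:", strong_token())
    print("steps, mismatch at last char:", insecure_compare_steps("deadbeef", "deadbeee"))
    print("steps, mismatch at first char:", insecure_compare_steps("deadbeef", "xeadbeef"))
    print("constant-time compare:", secure_compare("deadbeef", "deadbeef"))
```

The step counts make the timing leak concrete: a guess that is wrong in the last position costs eight comparisons while one wrong in the first costs one, so an attacker measuring response time can confirm the token one character at a time instead of guessing all of it at once. `hmac.compare_digest` (or `hash_equals()` in PHP) removes that signal; `secrets.token_hex` (or `random_bytes()` in PHP) removes the enumerable seed.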
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to phpMyAdmin version 4.0.10.13 / 4.4.15.3 / 4.5.4 or later.
Alternatively, apply the patch referenced in the vendor advisory.