phpMyAdmin < 3.1.3.1 'file_path' Parameter Multiple Vulnerabilities (PMASA-2009-1)

High Nessus Network Monitor Plugin ID 4985

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 'file_path' parameter of the 'bs_disp_as_mime_type.php' script before using it to read a file and reporting it in dynamically generated HTML. An unauthenticated remote attacker may be able to leverage this issue to read arbitrary files, possibly from third-party hosts, or to inject arbitrary HTTP headers in responses sent to third-party users. In addition, the version of phpMyAdmin is reportedly vulnerable to a number of other flaws.

Solution

Upgrade to version 3.1.3.1 or apply the patch referenced in the project's advisory.

See Also

http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php

Plugin Details

Severity: High

ID: 4985

File Name: 4985.prm

Family: CGI

Published: 2009/04/08

Modified: 2016/02/29

Dependencies: 9102

Nessus ID: 36083

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Reference Information

BID: 34253