phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

medium Nessus Network Monitor Plugin ID 9115
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

Versions of phpMyAdmin 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, and 4.5.x prior to 4.5.4 are unpatched for the following vulnerabilities :

- A security bypass vulnerability exists due to the use of the 'Math.random()' JavaScript function which does not provide cryptographically secure random numbers. A remote attacker can exploit this to guess passwords via a brute-force attack. (CVE-2016-1927)
- An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via a specially crafted request, to disclose the software's installation path. (CVE-2016-2038)
- A security bypass vulnerability exists due to generating XSRF tokens with cryptographically insecure values. A remote attacker can exploit this to bypass intended access restrictions by predicting a value. (CVE-2016-2039)
- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input to the home, database search, and zoom search pages. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2040)
- A security bypass vulnerability exists due to a failure to use a constant-time algorithm for comparing XSRF tokens. A remote attacker can exploit this, via a timing attack, to bypass intended access restrictions. (CVE-2016-2041)

Solution

Upgrade to phpMyAdmin 4.0.10.13 / 4.4.15.3 / 4.5.4 or later. Alternatively, apply the patch referenced in the vendor advisory.

See Also

https://www.phpmyadmin.net/security

https://www.phpmyadmin.net/security/PMASA-2016-1

https://www.phpmyadmin.net/security/PMASA-2016-2

https://www.phpmyadmin.net/security/PMASA-2016-3

https://www.phpmyadmin.net/security/PMASA-2016-4

https://www.phpmyadmin.net/security/PMASA-2016-5

Plugin Details

Severity: Medium

ID: 9115

Family: CGI

Published: 3/2/2016

Updated: 3/6/2019

Dependencies: 9102

Nessus ID: 88985

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Patch Publication Date: 1/23/2016

Vulnerability Publication Date: 1/23/2016

Reference Information

CVE: CVE-2016-2038, CVE-2016-2039, CVE-2016-2040, CVE-2016-1927, CVE-2016-2041

BID: 81210, 82075, 82076, 82077, 82084