phpMyAdmin 4.0.x < 220.127.116.11 / 4.4.x < 18.104.22.168 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)
Medium Nessus Network Monitor Plugin ID 9115
SynopsisThe remote web server contains a PHP application that is affected by multiple vulnerabilities.
DescriptionVersions of phpMyAdmin 4.0.x prior to 22.214.171.124, 4.4.x prior to 126.96.36.199, and 4.5.x prior to 4.5.4 are unpatched for the following vulnerabilities :
- An information disclosure vulnerability exists in multiple scripts that allows a remote attacker, via a specially crafted request, to disclose the software's installation path. (CVE-2016-2038)
- A security bypass vulnerability exists due to generating XSRF tokens with cryptographically insecure values. A remote attacker can exploit this to bypass intended access restrictions by predicting a value. (CVE-2016-2039)
- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input to the home, database search, and zoom search pages. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2040)
- A security bypass vulnerability exists due to a failure to use a constant-time algorithm for comparing XSRF tokens. A remote attacker can exploit this, via a timing attack, to bypass intended access restrictions. (CVE-2016-2041)
SolutionUpgrade to phpMyAdmin 188.8.131.52 / 184.108.40.206 / 4.5.4 or later. Alternatively, apply the patch referenced in the vendor advisory.