phpMyAdmin 4.0.10.x < 126.96.36.199 / 4.4.15.x < 188.8.131.52 / 4.6.x < 4.6.6 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 9936
SynopsisThe remote web server contains a version of phpMyAdmin that is affected by multiple vulnerabilities.
DescriptionVersions of phpMyAdmin 4.0.10.x prior to 184.108.40.206, 4.4.15.x prior to 220.127.116.11, and 4.6.x prior to 4.6.6 are unpatched, and therefore affected by the following vulnerabilities :
- A flaw exists that allows a cross-site redirection attack. This flaw exists because the application does not validate request paths before returning them to the user. This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs, as well as phishing attacks that mimic the legitimate site but send user-supplied information to the attacker.
- A flaw exists in the 'goto()' function that is triggered during the handling of table data, which may launch a recursive include operation. This may allow a remote attacker to cause a denial of service.
- A flaw exists that is due to the program failing to sanitize input passed via cookie parameters. This may allow a remote attacker to inject arbitrary CSS in themes.
- A flaw exists in replication status that is triggered during the handling of a specially crafted table name. This may allow a remote attacker to cause a denial of service.
- A flaw exists related to request handling between a user and a server, where the server can be induced into performing unintended actions (Server Side Request Forgery, or SSRF). By making a crafted request, the server can be used to conduct host-based attacks. This may allow an authenticated remote attacker to bypass access restrictions (e.g. host or network ACLs) and connect to hosts without the appropriate authorization. It is unclear if this may be leveraged for further impacts.
SolutionUpgrade to phpMyAdmin version 4.6.6 or later. If 4.6.x cannot be obtained, versions 18.104.22.168 and 22.214.171.124 have also been patched for these vulnerabilities.