
phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)

Medium

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

Versions of phpMyAdmin 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x prior to 4.4.6.1 are unpatched for the following vulnerabilities:

- An attacker could trick a user with a crafted URL during installation to alter the configuration file being generated. (CVE-2015-3902)
- A flaw exists in 'libraries/Config.class.php' due to an error in an API call to GitHub that allows a man-in-the-middle attacker to perform unauthorized actions. (CVE-2015-3903)

Solution

Upgrade to phpMyAdmin 4.0.10.10 / 4.2.13.3 / 4.3.13.1 / 4.4.6.1 or later, or apply the patches referenced in the vendor advisory.
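
A version check built from the affected branches and fixed releases listed above, as an added example that is not part of the original advisory or of the scanner plugin. The host names and version strings in the sample inventory are constructed, and ignoring packaging suffixes such as `-deb1` is an assumption of this sketch.

```python
import re

# Fixed release per affected branch, taken from the advisory text above.
FIXED = {
    (4, 0): (4, 0, 10, 10),
    (4, 2): (4, 2, 13, 3),
    (4, 3): (4, 3, 13, 1),
    (4, 4): (4, 4, 6, 1),
}


def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints, or None."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify(version_text):
    """Return 'affected', 'fixed' or 'not-covered' for a phpMyAdmin version."""
    v = parse_version(version_text)
    if v is None or len(v) < 2:
        return "not-covered"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Branch is not named in this advisory; it makes no statement here.
        return "not-covered"
    # Pad short versions so '4.4.6' compares as 4.4.6.0, below 4.4.6.1.
    padded = v + (0,) * (len(fixed) - len(v))
    return "affected" if padded < fixed else "fixed"


def audit(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, ver in inventory.items() if classify(ver) == "affected")


# Constructed sample inventory (host -> version string reported by phpMyAdmin).
SAMPLE_INVENTORY = {
    "db-admin-01": "4.4.6",
    "db-admin-02": "4.4.6.1",
    "db-admin-03": "4.0.10.9",
    "db-admin-04": "4.2.13.3-deb1",
    "db-admin-05": "4.1.14.8",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required ({SAMPLE_INVENTORY[host]})")
```

Distribution packages can carry backported fixes without changing the upstream version number, so an "affected" result on a packaged install should be confirmed against the package changelog.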