
phpMyAdmin 4.0.10.x < 4.0.10.17 / 4.4.15.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities

Critical

Synopsis

The remote web server contains a version of phpMyAdmin that is affected by multiple vulnerabilities.

Description

Versions of phpMyAdmin 4.0.10.x prior to 4.0.10.17, 4.4.15.x prior to 4.4.15.8, and 4.6.x prior to 4.6.4 are unpatched, and therefore affected by the following vulnerabilities:

- A flaw exists that may lead to the unauthorized disclosure of sensitive information. The issue is due to the program using requests that contain an algorithm that is vulnerable to padding oracle attacks. This may allow a remote attacker to decode information without knowledge of the encryption key and gain access to a user's potentially sensitive personal information. (OSVDB 143184)
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the 'libraries/replication_gui.lib.php' script does not validate input to the 'username' and 'hostname' parameters before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143185)
- A flaw exists that allows an XSS attack. This flaw exists because the database privilege check functionality does not validate input to database names before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143186)
- A flaw exists that allows an XSS attack. This flaw exists because the remove partitioning functionality does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143187)
- A flaw exists in the 'libraries/plugins/export/ExportPhparray.class.php' script that is triggered as input passed via database names is not properly sanitized. This may allow a remote attacker to execute arbitrary commands. (OSVDB 143188)
- A flaw exists in 'libraries/plugin_interface.lib.php' that is triggered during the handling of errors when creating non-existent classes, which may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. (OSVDB 143189)
- A flaw exists that may allow carrying out an SQL injection attack. The issue is due to the 'libraries/plugins/export/ExportSql.class.php' script not properly sanitizing input to database and table names. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 143190)
- A flaw exists in the 'LOAD LOCAL INFILE' functionality that may allow an authenticated remote attacker to expose files on the server to the database system. (OSVDB 143191)
- A flaw exists as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against a file to cause the program to unexpectedly disclose arbitrary files. (OSVDB 143192)
- A flaw exists that allows traversing outside of a restricted path. The issue is due to the 'libraries/Util.class.php' script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') when handling the '%u' username replacement functionality of the 'SaveDir' and 'UploadDir' features. With a specially crafted request, a remote attacker can disclose arbitrary files. (OSVDB 143193)
- A flaw exists that allows an XSS attack. This flaw exists because the 'libraries/navigation/Nodes/Node_Database.class.php' script does not validate input to database names before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143194)
- A flaw exists that allows an XSS attack. This flaw exists because the 'libraries/tracking.lib.php' script does not validate input when handling queries before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143195)
- A flaw exists that allows an XSS attack. This flaw exists because the 'libraries/tbl_gis_visualization.lib.php' script does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143196)
- A flaw exists that may allow carrying out an SQL injection attack. The issue is due to the program not properly sanitizing input when handling user group queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 143197)
- A flaw exists that may allow carrying out an SQL injection attack. The issue is due to the 'libraries/display_export.lib.php' script not properly sanitizing input when handling database or table names. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 143198)
- A flaw exists in the 'transformation_wrapper.php' script that is triggered during the scaling of image dimensions. This may allow a remote attacker to cause a denial of service for the server. (OSVDB 143199)
- A flaw exists that may allow carrying out an SQL injection attack. The issue is due to the user interface preference feature not properly sanitizing input before using it in SQL queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 143200)
- A flaw exists in the 'unserialize()' function that is triggered during the handling of user-supplied data. This may allow a remote attacker to execute arbitrary code. (OSVDB 143201)
- A flaw exists in the 'AllowArbitraryServer' option that is triggered when a remote attacker forces persistent connections. This may allow the attacker to cause a denial of service. (OSVDB 143202)
- A flaw exists that is triggered during the handling of looped large values. This may allow an authenticated remote attacker to cause a denial of service on a server. (OSVDB 143203)
- A flaw exists in the 'libraries/ip_allow_deny.lib.php' script that may allow a remote attacker to bypass IP-based authentication rules. (OSVDB 143204)
- An unspecified flaw exists that may allow a remote attacker to determine whether a user is logged into the program. (OSVDB 143205)
- A flaw exists that allows a cross-site redirection attack. This flaw exists because the application does not validate input upon submission to the 'libraries/core.lib.php' script. This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. (OSVDB 143206)
- A flaw exists in the 'url.php' script that is triggered during the handling of HTTP headers. This may allow a remote attacker to disclose host location information. (OSVDB 143207)
- A flaw exists in the 'file_echo.php' script that may allow a remote attacker to cause a different user to download a specially crafted SVG file. (OSVDB 143208)
- A flaw exists in the 'ArbitraryServerRegexp' configuration directive that may allow a remote attacker to reuse certain cookie values and bypass intended server definition limits. (OSVDB 143209)
- A flaw exists in the 'user_password.php' script that is triggered during the handling of an overly long password. This may allow a remote attacker to cause a denial of service. (OSVDB 143210)
- A flaw exists in '/libraries/plugins/transformations/generator_plugin.sh' that is triggered during the handling of query strings. This may allow a remote attacker to execute arbitrary code. (OSVDB 143211)
- A flaw exists in the dbase extension in the 'libraries/plugins/import/ImportShp.class.php' script that is due to the program failing to delete temporary files during the import of ESRI files. This may allow a remote attacker to cause a denial of service. (OSVDB 143212)
- A flaw exists in the 'dbase' extension that is triggered during the handling of SHP import. This may allow a remote attacker to execute arbitrary code. (OSVDB 143213)

Solution

Upgrade to phpMyAdmin version 4.6.4 or later. If 4.6.x cannot be obtained, versions 4.4.15.8 and 4.0.10.17 have also been patched for these vulnerabilities.
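
A version check for the three affected branches and fixed releases stated above, as an added example that is not part of the original advisory. The host names and inventory are constructed, and flagging a suffixed build of a fixed version for manual review is an assumption of this sketch.

```python
import re

# Affected branch prefix -> first fixed release, as stated in the advisory.
FIXED = {
    (4, 0, 10): (4, 0, 10, 17),
    (4, 4, 15): (4, 4, 15, 8),
    (4, 6): (4, 6, 4),
}

def parse_version(text):
    """Return (numeric components, has_suffix), or None if unparseable."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})([-+~].*)?\s*", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))

def classify(text):
    """Classify a phpMyAdmin version string against the advisory's ranges."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    nums, has_suffix = parsed
    for branch, fixed in FIXED.items():
        if nums[:len(branch)] != branch:
            continue
        # Pad short versions ("4.6" -> 4.6.0) and compare numerically, so
        # 4.4.15.10 sorts after 4.4.15.8 (a string comparison would not).
        padded = nums + (0,) * (len(fixed) - len(nums))
        if padded < fixed:
            return "affected"
        # Assumption: "-rc1", "+dfsg" and similar builds of the fixed
        # version may differ from the final release, so flag for review.
        if padded == fixed and has_suffix:
            return "review"
        return "patched"
    # Branches other than 4.0.10.x, 4.4.15.x and 4.6.x are outside the
    # advisory's scope; this says nothing about whether they are safe.
    return "not covered"

def audit(inventory):
    """Return the sorted hosts whose version is affected or needs review."""
    return sorted(h for h, v in inventory.items()
                  if classify(v) in ("affected", "review", "unparseable"))

# Constructed sample inventory (host -> reported phpMyAdmin version).
SAMPLE = {"db-admin-01": "4.6.3", "db-admin-02": "4.4.15.10",
          "db-admin-03": "4.0.10.16", "db-admin-04": "4.6.4-rc1",
          "db-admin-05": "4.5.1"}
```

Distribution packages can carry backported fixes under an older upstream version number, so an "affected" result for a packaged install should be confirmed against the vendor's changelog.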