FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Multiple vulnerabilities

Affected packages
4.6.0 <= phpMyAdmin < 4.6.6

Details

VuXML ID 7721562b-e20a-11e6-b2e2-6805ca0b3d42
Discovery 2017-01-24
Entry 2017-01-24

The phpMyAdmin development team reports:

Summary

Open redirect

Description

It was possible to trick phpMyAdmin into redirecting to insecure using a special request path.

Severity

We consider this vulnerability to be non critical.

Summary

php-gettext code execution

Description

The php-gettext library can suffer from code execution. However, there is no way to trigger this inside phpMyAdmin.

Severity

We consider this to be minor.

Summary

DOS vulnerability in table editing

Description

It was possible to trigger a recursive include operation with crafted parameters when editing table data.

Severity

We consider this to be non critical.

Summary

CSS injection in themes

Description

It was possible to cause CSS injection in themes with crafted cookie parameters.

Severity

We consider this to be non critical.

Summary

Cookie attribute injection attack

Description

A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. This was incompletely fixed in PMASA-2016-18.

Severity

We consider this to be non-critical.

Summary

SSRF in replication

Description

For a user with appropriate MySQL privileges, it was possible to connect to an arbitrary host.

Severity

We consider this to be non-critical.

Summary

DOS in replication status

Description

It was possible to trigger a DOS in replication status with a specially crafted table name.

Severity

We consider this to be non critical.

References

CVE Name CVE-2015-8980
URL https://www.phpmyadmin.net/security/PMASA-2017-1
URL https://www.phpmyadmin.net/security/PMASA-2017-2
URL https://www.phpmyadmin.net/security/PMASA-2017-3
URL https://www.phpmyadmin.net/security/PMASA-2017-4
URL https://www.phpmyadmin.net/security/PMASA-2017-5
URL https://www.phpmyadmin.net/security/PMASA-2017-6
URL https://www.phpmyadmin.net/security/PMASA-2017-7