FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- multiple vulnerabilities

Affected packages
4.6.0 <= phpmyadmin < 4.6.3

Details

VuXML ID e7028e1d-3f9b-11e6-81f9-6805ca0b3d42
Discovery 2016-06-23
Entry 2016-07-01

The phpMYAdmin development team reports:

Summary

BBCode injection vulnerability

Description

A vulnerability was discovered that allows an BBCode injection to setup script in case it's not accessed on https.

Severity

We consider this to be non-critical.

Summary

Cookie attribute injection attack

Description

A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies.

Severity

We consider this to be non-critical.

Summary

SQL injection attack

Description

A vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control user.

Severity

We consider this vulnerability to be serious

Summary

XSS on table structure page

Description

An XSS vulnerability was discovered on the table structure page

Severity

We consider this to be a serious vulnerability

Summary

Multiple XSS vulnerabilities

Description
Severity

We consider this to be a serious vulnerability

Summary

DOS attack

Description

A Denial Of Service (DOS) attack was discovered in the way phpMyAdmin loads some JavaScript files.

Severity

We consider this to be of moderate severity

Summary

Multiple full path disclosure vulnerabilities

Description

This PMASA contains information on multiple full-path disclosure vulnerabilities reported in phpMyAdmin.

By specially crafting requests in the following areas, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed.

  1. Setup script
  2. Example OpenID authentication script
Severity

We consider these vulnerabilities to be non-critical.

Summary

XSS through FPD

Description

With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script.

Severity

We do not consider this vulnerability to be secure due to the non-standard required PHP setting for html_errors.

Summary

XSS in partition range functionality

Description

A vulnerability was reported allowing a specially crafted table parameters to cause an XSS attack through the table structure page.

Severity

We consider this vulnerability to be severe.

Summary

Multiple XSS vulnerabilities

Description
Severity

We consider these attacks to be of moderate severity.

Summary

Unsafe handling of preg_replace parameters

Description

In some versions of PHP, it's possible for an attacker to pass parameters to the preg_replace() function which can allow the execution of arbitrary PHP code. This code is not properly sanitized in phpMyAdmin as part of the table search and replace feature.

Severity

We consider this vulnerability to be of moderate severity.

Summary

Referrer leak in transformations

Description

A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack against a user.

Furthermore, the CSP code used in version 4.0.x is outdated and has been updated to more modern standards.

Severity

We consider this to be of moderate severity

References

CVE Name CVE-2016-5701
CVE Name CVE-2016-5702
CVE Name CVE-2016-5703
CVE Name CVE-2016-5704
CVE Name CVE-2016-5705
CVE Name CVE-2016-5706
CVE Name CVE-2016-5730
CVE Name CVE-2016-5731
CVE Name CVE-2016-5732
CVE Name CVE-2016-5733
CVE Name CVE-2016-5734
CVE Name CVE-2016-5739
URL https://www.phpmyadmin.net/security/PMASA-2016-17/
URL https://www.phpmyadmin.net/security/PMASA-2016-18/
URL https://www.phpmyadmin.net/security/PMASA-2016-19/
URL https://www.phpmyadmin.net/security/PMASA-2016-20/
URL https://www.phpmyadmin.net/security/PMASA-2016-21/
URL https://www.phpmyadmin.net/security/PMASA-2016-22/
URL https://www.phpmyadmin.net/security/PMASA-2016-23/
URL https://www.phpmyadmin.net/security/PMASA-2016-24/
URL https://www.phpmyadmin.net/security/PMASA-2016-25/
URL https://www.phpmyadmin.net/security/PMASA-2016-26/
URL https://www.phpmyadmin.net/security/PMASA-2016-27/
URL https://www.phpmyadmin.net/security/PMASA-2016-28/