FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- multiple vulnerabilities

Affected packages
4.0 <= phpMyAdmin < 4.0.4.2
3.5 <= phpMyAdmin35 < 3.5.8.2

Details

VuXML ID f4a0212f-f797-11e2-9bb9-6805ca0b3d42
Discovery 2013-07-28
Entry 2013-07-28
Modified 2013-07-29

The phpMyAdmin development team reports:

XSS due to unescaped HTML Output when executing a SQL query.

[source]

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

[source]

If a crafted version.json would be presented, an XSS could be introduced.

[source]

Full path disclosure vulnerabilities.

[source]

XSS vulnerability when a text to link transformation is used.

[source]

Self-XSS due to unescaped HTML output in schema export.

[source]

SQL injection vulnerabilities, producing a privilege escalation (control user).

[source]

References

URL http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view
URL http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.