Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Updated phpMyAdmin packages fix multiple vulnerabilities
Informations
Name MDKSA-2007:229 First vendor Publication 2007-11-20
Vendor Mandriva Last vendor Modification 2007-11-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score 6.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.1.2 release. This update provides version 2.11.2.2 which is the latest stable release of phpMyAdmin.

No configuration changes should be required since the previous update (version 2.11.1.2). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:229

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 161

OpenVAS Exploits

Date Description
2009-03-21 Name : phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities
File : nvt/phpmyadmin_cve_2007_5976.nasl
2009-03-20 Name : Gentoo Security Advisory GLSA 200903-32 (phpmyadmin)
File : nvt/glsa_200903_32.nasl
2009-02-27 Name : Fedora Update for phpMyAdmin FEDORA-2007-3627
File : nvt/gb_fedora_2007_3627_phpMyAdmin_fc7.nasl
2009-02-27 Name : Fedora Update for phpMyAdmin FEDORA-2007-3636
File : nvt/gb_fedora_2007_3636_phpMyAdmin_fc8.nasl
2009-02-27 Name : Fedora Update for phpMyAdmin FEDORA-2007-3639
File : nvt/gb_fedora_2007_3639_phpMyAdmin_fc8.nasl
2009-02-27 Name : Fedora Update for phpMyAdmin FEDORA-2007-3666
File : nvt/gb_fedora_2007_3666_phpMyAdmin_fc7.nasl
2008-09-04 Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin12.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
38714 phpMyAdmin db_create.php db Parameter XSS

phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'db' variable upon submission to the 'db_create.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
38713 phpMyAdmin db_create.php db Parameter SQL Injection

Nessus® Vulnerability Scanner

Date Description
2009-03-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-32.nasl - Type : ACT_GATHER_INFO
2007-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3627.nasl - Type : ACT_GATHER_INFO
2007-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3636.nasl - Type : ACT_GATHER_INFO
2007-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3639.nasl - Type : ACT_GATHER_INFO
2007-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3666.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_2d2dcbb4906c11dca9510016179b2dd5.nasl - Type : ACT_GATHER_INFO