Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Updated phpMyAdmin packages fix multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | MDKSA-2007:199 | First vendor Publication | 2007-10-17 |
| Vendor | Mandriva | Last vendor Modification | 2007-10-17 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A number of vulnerabilities and security-related issues have been fixed in phpMyAdmin versions since the 2.9.1.1 release. This update provides version 2.11.1.2 which is the latest stable release of phpMyAdmin. Note that due to heavy configuration file changes, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18380 | |||
| Oval ID: | oval:org.mitre.oval:def:18380 | ||
| Title: | DSA-1370-2 phpmyadmin - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1370-2 CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | phpmyadmin |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20433 | |||
| Oval ID: | oval:org.mitre.oval:def:20433 | ||
| Title: | DSA-1403-1 phpmyadmin - cross-site scripting | ||
| Description: | Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1403-1 CVE-2007-5589 CVE-2007-5386 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | phpmyadmin |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20451 | |||
| Oval ID: | oval:org.mitre.oval:def:20451 | ||
| Title: | DSA-1370-1 phpmyadmin - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1370-1 CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | phpmyadmin |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-2738 File : nvt/gb_fedora_2007_2738_phpMyAdmin_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-3639 File : nvt/gb_fedora_2007_3639_phpMyAdmin_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-3666 File : nvt/gb_fedora_2007_3666_phpMyAdmin_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-4298 File : nvt/gb_fedora_2007_4298_phpMyAdmin_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-4334 File : nvt/gb_fedora_2007_4334_phpMyAdmin_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for phpMyAdmin FEDORA-2008-9336 File : nvt/gb_fedora_2008_9336_phpMyAdmin_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for phpMyAdmin FEDORA-2008-8286 File : nvt/gb_fedora_2008_8286_phpMyAdmin_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for phpMyAdmin FEDORA-2008-8269 File : nvt/gb_fedora_2008_8269_phpMyAdmin_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for phpMyAdmin FEDORA-2008-6810 File : nvt/gb_fedora_2008_6810_phpMyAdmin_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for phpMyAdmin FEDORA-2008-6450 File : nvt/gb_fedora_2008_6450_phpMyAdmin_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for phpMyAdmin FEDORA-2008-5640 File : nvt/gb_fedora_2008_5640_phpMyAdmin_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for phpMyAdmin FEDORA-2008-2189 File : nvt/gb_fedora_2008_2189_phpMyAdmin_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for phpMyAdmin FEDORA-2008-2229 File : nvt/gb_fedora_2008_2229_phpMyAdmin_fc7.nasl |
| 2009-02-16 | Name : Fedora Update for phpMyAdmin FEDORA-2008-2825 File : nvt/gb_fedora_2008_2825_phpMyAdmin_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for phpMyAdmin FEDORA-2008-2874 File : nvt/gb_fedora_2008_2874_phpMyAdmin_fc7.nasl |
| 2009-02-13 | Name : Fedora Update for phpMyAdmin FEDORA-2008-11221 File : nvt/gb_fedora_2008_11221_phpMyAdmin_fc8.nasl |
| 2008-09-04 | Name : FreeBSD Ports: phpMyAdmin File : nvt/freebsd_phpMyAdmin14.nasl |
| 2008-09-04 | Name : FreeBSD Ports: phpMyAdmin File : nvt/freebsd_phpMyAdmin13.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1370-1 (phpmyadmin) File : nvt/deb_1370_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1403-1 (phpmyadmin) File : nvt/deb_1403_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1370-2 (phpmyadmin) File : nvt/deb_1370_2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 38720 | phpMyAdmin Multiple Parameter XSS phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'unlim_num_rows', 'sql_query' and 'pos_parameter' variables upon submission to the tbl_export.php script, 'session_max_rows' and 'pos_parameter' variables upon submission to the sql.php script, 'username' variable upon submission to the server_privileges.php script and 'sql_query' variable upon submission to the main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 37939 | phpMyAdmin server_status.php URL XSS |
| 37678 | phpMyAdmin setup.php URL XSS |
| 36834 | phpMyAdmin libraries/common.lib.php PMA_ArrayWalkRecursive Array Recursion DoS |
| 35050 | phpMyAdmin browse_foreigners.php fieldkey Parameter XSS |
| 35048 | phpMyAdmin XSS Protection String Blacklist Bypass |
| 33257 | phpMyAdmin themes/darkblue_orange/layout.inc.php Direct Request Path Disclosure |
| 32667 | phpMyAdmin Multiple Unspecified XSS |
| 32666 | phpMyAdmin Multiple Unspecified Issues |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-03-13 | Name : The remote openSUSE host is missing a security update. File : suse_phpMyAdmin-5083.nasl - Type : ACT_GATHER_INFO |
| 2008-03-13 | Name : The remote openSUSE host is missing a security update. File : suse_phpMyAdmin-5084.nasl - Type : ACT_GATHER_INFO |
| 2007-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4298.nasl - Type : ACT_GATHER_INFO |
| 2007-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4334.nasl - Type : ACT_GATHER_INFO |
| 2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3639.nasl - Type : ACT_GATHER_INFO |
| 2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3666.nasl - Type : ACT_GATHER_INFO |
| 2007-11-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1403.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2738.nasl - Type : ACT_GATHER_INFO |
| 2007-10-18 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_498a87317cfc11dc96e60012f06707f0.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_51b51d4a7c0f11dc9e470011d861d5e2.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_phpMyAdmin-3990.nasl - Type : ACT_GATHER_INFO |
| 2007-09-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1370.nasl - Type : ACT_GATHER_INFO |
