Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

A phpMyAdmin security announcement reports :

We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points :

- css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This way, a possible attacker could manipulate any configuration parameter. Using phpMyAdmin's theming mechanism, he was able to include arbitrary files. This is especially dangerous if php is not running in safe mode.

- A possible attacker could manipulate phpMyAdmin's localized strings via the URL and inject harmful JavaScript code this way, which could be used for XSS attacks.

The remote host is affected by the vulnerability described in GLSA-200503-07 (phpMyAdmin: Multiple vulnerabilities)

    phpMyAdmin contains several security issues:
    Maksymilian Arciemowicz has discovered multiple variable injection     vulnerabilities that can be exploited through '$cfg' and 'GLOBALS'     variables and localized strings     It is possible to force phpMyAdmin to disclose information in error     messages     Failure to correctly escape special characters   Impact :

    By sending a specially crafted request, an attacker can include and     execute arbitrary PHP code or cause path information disclosure.
    Furthermore the XSS issue allows an attacker to inject malicious script     code, potentially compromising the victim's browser. Lastly the     improper escaping of special characters results in unintended privilege     settings for MySQL.
  Workaround :

    There is no known workaround at this time.

The installed version of phpMyAdmin suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user input in several PHP scripts used as libraries and themes.  A remote attacker may use these issues to cause arbitrary code to be executed in a user's browser, to steal authentication cookies and the like.

The remote host is running phpMyAdmin, an open-source software written in PHP to handle the administration of MySQL over the Web.
The remote version of this software is vulnerable to arbitrary command execution due to a lack of user-supplied data sanitization.
In addition, the remote host is vulnerable to multiple remote Cross-Site Scripting (XSS) flaws. An attacker exploiting these flaws would need to be able to convince a user into clicking on a malicious URL.  Upon successful exploitation, the attacker would be able to steal credentials or execute code within the browser.
Thirdly, the remote host is vulnerable to a flaw in the way that it handles user-supplied variables that are used within included files.  An attacker exploiting this flaw would pass malicious data to the server that the server would then include within the executing script code.  A successful exploit would result in the attacker being able to execute arbitrary code on the server. 

ID	Name	Product	Family	Severity
19016	FreeBSD : phpmyadmin -- arbitrary file include and XSS vulnerabilities (882ef43b-901f-11d9-a22c-0001020eed82)	Nessus	FreeBSD Local Security Checks	high
17263	GLSA-200503-07 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
17220	phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS	Nessus	CGI abuses : XSS	medium
2452	phpMyAdmin < 2.6.1-pl1 RCE	Nessus Network Monitor	CGI	high

Detections

Analytics

CVE-2005-0543

medium

Tenable Plugins

high

medium

medium

high