Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2013-4995     Authenticated users could inject arbitrary web script or     HTML via a crafted SQL query.

  - CVE-2013-4996     Cross site scripting was possible via a crafted logo URL     in the navigation panel or a crafted entry in the     Trusted Proxies list.

  - CVE-2013-5002     Authenticated users could inject arbitrary web script or     HTML via a crafted pageNumber value in Schema Export.

  - CVE-2013-5003     Authenticated users could execute arbitrary SQL commands     as the phpMyAdmin 'control user' via the scale parameter     PMD PDF export and the pdf_page_number parameter in     Schema Export.

  - CVE-2014-1879     Authenticated users could inject arbitrary web script or     HTML via a crafted file name in the Import function.

Versions of phpMyAdmin 3.5.x earlier than 3.5.8.2 or 4.0.x earlier than 4.0.4.2 are affected by the following multiple vulnerabilities:

  - Numerous input-validation errors exist that could lead to cross-site scripting attacks related to 'version.json', text to link transformations, schema export, SQL queries, setup, chart display, process list, and the logo link. Note that the link transformation issue, PMASA-2013-13 (CVE-2013-5001), only affects the 4.0.x branch. (CVE-2013-4995, CVE-2013-4996, CVE-2013-4997, CVE-2013-5001, CVE-2013-5002)

  - Errors exist that could allow full installation path disclosure via error messages. This information could be used in further attacks. (CVE-2013-4998, CVE-2013-4999, CVE-2013-5000)

  - Errors in the files 'schema_export.php' and 'pmd_pdf.php' could allow SQL injection attacks.(CVE-2013-5003)

The remote host is affected by the vulnerability described in GLSA-201311-02 (phpMyAdmin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in phpMyAdmin. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote authenticated attacker could exploit these vulnerabilities to       execute arbitrary code with the privileges of the process running       phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and       Clickjacking attacks.
  Workaround :

    There is no known workaround at this time.

Versions of phpMyAdmin 3.5.x earlier than 3.5.8.2 or 4.0.x earlier than 4.0.4.2 are affected by the following multiple vulnerabilities :

 - Numerous input-validation errors exist that could lead to cross-site scripting attacks related to 'version.json', text to link transformations, schema export, SQL queries, setup, chart display, process list, and the logo link. Note that the link transformation issue, PMASA-2013-13 (CVE-2013-5001), only affects the 4.0.x branch. (CVE-2013-4995, CVE-2013-4996, CVE-2013-4997, CVE-2013-5001, CVE-2013-5002)
 - Errors exist that could allow full installation path disclosure via error messages. This information could be used in further attacks. (CVE-2013-4998, CVE-2013-4999, CVE-2013-5000)
 - Errors in the files 'schema_export.php' and 'pmd_pdf.php' could allow SQL injection attacks.(CVE-2013-5003)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is 3.5.x earlier than 3.5.8.2 or 4.0.x earlier than 4.0.4.2.  It is, therefore, affected by the following vulnerabilities :

 - Numerous input validation errors exist that could lead    to cross-site scripting attacks related to    'version.json', text to link transformations, schema    export, SQL queries, setup, chart display, process list,    and the logo link. Note that the link transformation    issue, PMASA-2013-13 (CVE-2013-5001), only affects the    4.0.x branch. (CVE-2013-4995, CVE-2013-4996,    CVE-2013-4997, CVE-2013-5001, CVE-2013-5002)

  - Errors exist that could allow full installation path     disclosure via error messages. This information could     be used in further attacks. (CVE-2013-4998,     CVE-2013-4999, CVE-2013-5000)

  - Errors in the files 'schema_export.php' and     'pmd_pdf.php' could allow SQL injection attacks.
    (CVE-2013-5003)

Multiple vulnerabilities has been discovered and corrected in phpmyadmin :

  - XSS due to unescaped HTML Output when executing a SQL     query (CVE-2013-4995).

  - 5 XSS vulnerabilities in setup, chart display, process     list, and logo link. If a crafted version.json would be     presented, an XSS could be introduced (CVE-2013-4996,     CVE-2013-4997).

  - Full path disclosure vulnerabilities (CVE-2013-4998,     CVE-2013-5000).

  - Self-XSS due to unescaped HTML output in schema export     (CVE-2013-5002).

  - SQL injection vulnerabilities, producing a privilege     escalation (control user) (CVE-2013-5003).

This upgrade provides the latest phpmyadmin version (3.5.8.2) to address these vulnerabilities.

ID	Name	Product	Family	Severity
76433	Debian DSA-2975-1 : phpmyadmin - security update	Nessus	Debian Local Security Checks	medium
8144	phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities	Nessus Network Monitor	CGI	medium
70753	GLSA-201311-02 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
6967	phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities	Nessus Network Monitor	CGI	medium
69184	phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities (PMASA-2013-8 - PMASA-2013-15	Nessus	CGI abuses	medium
69154	Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:203)	Nessus	Mandriva Local Security Checks	medium

Detections

Analytics

CVE-2013-4996

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium