FreeBSD : phpmyadmin -- SQL injection vulnerability (ce2f2ade-e7df-11dc-a701-000bcdc1757a)

medium Nessus Plugin ID 31377

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A phpMyAdmin security announcement report :

phpMyAdmin used the $_REQUEST superglobal as a source for its parameters, instead of $_GET and $_POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere.

Another application could set a cookie for the root path '/' with a 'sql_query' name, therefore overriding the user-submitted sql_query because by default, the $_REQUEST superglobal imports first GET, then POST then COOKIE data. Mitigation factor An attacker must trick the victim into visiting a page on the same web server where he has placed code that creates a malicious cookie.

Solution

Update the affected package.

See Also

https://www.phpmyadmin.net/security/PMASA-2008-1/

http://www.nessus.org/u?db410f67

Plugin Details

Severity: Medium

ID: 31377

File Name: freebsd_pkg_ce2f2adee7df11dca701000bcdc1757a.nasl

Version: 1.23

Type: local

Published: 3/7/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 3/4/2008

Vulnerability Publication Date: 3/1/2008

Reference Information

CVE: CVE-2008-1149

BID: 28068

CWE: 352, 89