phpMyAdmin 3.5.x < 3.5.8.1 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities (PMASA-2013-2 - PMASA-2013-5

medium Nessus Plugin ID 66295

Synopsis

The remote web server hosts a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-identified version number, the phpMyAdmin 3.5.x / 4.0.0 install hosted on the remote web server is earlier than 3.5.8.1 / 4.0.0-rc3 and is, therefore, affected by multiple vulnerabilities:

- The 'preg_replace' fails to properly sanitize arguments, which can be used to for arbitrary code execution. (CVE-2013-3238)

- A security weakness exists in the way that locally saved databases are handled. It is possible that the 'filename_template' parameter can be used to create a file with double extensions. (CVE-2013-3239)

- A flaw exists where the 'what' parameter was not correctly validated, allowing for a local file inclusion. This flaw reportedly affects phpMyAdmin 4.x only. (CVE-2013-3240)

- A flaw exists in the 'export.php' script that allows overwrite of global variables, leading to an unauthorized access vulnerability. This flaw reportedly affects phpMyAdmin 4.x only. (CVE-2013-3241)

Solution

Either upgrade to phpMyAdmin 3.5.8.1 / 4.0.0-rc3 or later, or apply the patches from the referenced link.

See Also

https://www.phpmyadmin.net/security/PMASA-2013-2/

https://www.phpmyadmin.net/security/PMASA-2013-3/

https://www.phpmyadmin.net/security/PMASA-2013-4/

https://www.phpmyadmin.net/security/PMASA-2013-5/

http://www.waraxe.us/advisory-103.html

Plugin Details

Severity: Medium

ID: 66295

File Name: phpmyadmin_pmasa_2013_2.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 5/2/2013

Updated: 6/4/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Required KB Items: www/PHP, www/phpMyAdmin, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 4/24/2013

Vulnerability Publication Date: 4/24/2013

Exploitable With

Core Impact

Metasploit (phpMyAdmin Authenticated Remote Code Execution via preg_replace())

Reference Information

CVE: CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241

BID: 59460, 59461, 59462, 59465