Detections
Analytics
phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 5985
Synopsis
The remote web server contains a PHP application that is vulnerable to multiple attack vectors.Description
Versions of phpMyAdmin 3.3.x earlier than 3.3.10.2 and 3.4.x earlier than 3.4.3.1 are potentially affected by multiple vulnerabilities :- It is possible to manipulate the PHP session superglobal usig some of the Swekey authentication code. (PMASA-2011-5)
- An unsanitized key from the Servers array is written in a comment of the generated config, which could allow an attacker to close the comment and inject code. (PMASA-2011-6)
- It is possible to use a null byte to truncate the pattern string which would allow an attacker to inject the /e modifier causing the pre_replace function to execute its second argument as PHP code. (PMASA-2011-7)
- An issue exists in the MIME-type transformation code, which allows for directory traversal. (PMASA-2011-8)
Solution
Upgrade to phpMyAdmin 3.3.10.2, 3.4.3.1, or later.See Also
http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5
http://www.phpmyadmin.net/home_page/security/PMASA-2011-6
Plugin Details
Severity: Medium
ID: 5985
Family: CGI
Published: 7/14/2011
Updated: 3/6/2019
Nessus ID: 57346
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.4
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:phpmyadmin:phpmyadmin
Patch Publication Date: 7/7/2011
Vulnerability Publication Date: 7/7/2011
Reference Information
CVE: CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508
BID: 48563