The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The phpMyAdmin development team reports : Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Severity We consider this attack to be of moderate severity. Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include (view and potentially execute) files on the server.

The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages.

An attacker must be authenticated, except in these situations :

- $cfg['AllowArbitraryServer'] = true: attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin

- $cfg['ServerDefault'] = 0: this bypasses the login and runs the vulnerable code without any authentication Severity We consider this to be severe. Mitigation factor Configuring PHP with a restrictive `open_basedir` can greatly restrict an attacker's ability to view files on the server. Vulnerable systems should not be run with the phpMyAdmin directives $cfg['AllowArbitraryServer'] = true or $cfg['ServerDefault'] = 0

Upstream announcement :

The phpMyAdmin team is pleased to announce the release of **phpMyAdmin version 4.8.2**. Among other bug fixes, this contains an important security update and it is highly recommended that all users upgrade immediately.

The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement .

A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature .

In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle :

  - WHERE 0 clause causes a fatal error

  - Fix missing 'INDEX' icon

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for phpMyAdmin fixes multiple issues.

Security issues fixed :

  - CVE-2018-12613: File inclusion and remote code execution     attack (boo#1098751)

  - CVE-2018-12581: XSS in Designer feature (boo#1098752)

This update to version 4.8.2 also contains number of upstream bug fixes and improvements.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4843-1 advisory.

    Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of     passwords. An attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only     affected Ubuntu 14.04 ESM. (CVE-2014-9218)

    Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of database     names in the PHP Array export feature. An authenticated attacker could use this vulnerability to run     arbitrary PHP commands. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6609)

    Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use     this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu     16.04 ESM. (CVE-2016-6619)

    Emanuel Bronshtein discovered that phpMyadmin failed to properly sanitize input. An authenticated attacker     could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM     and Ubuntu 16.04 ESM. (CVE-2016-6630)

    Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use     this vulnerability to bypass AllowRoot restrictions and deny rules for usernames. This issue only affected     Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9849)

    Emanuel Bronshtein discovered that phpMyAdmin would allow sensitive information to be leaked when the     argument separator in a URL was not the default & value. An attacker could use this vulnerability to     obtain the CSRF token of a user. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
    (CVE-2016-9866)

    Isaac Bennetch discovered that phpMyAdmin was incorrectly restricting user access due to the behavior of     the substr function on some PHP versions. An attacker could use this vulnerability to bypass login     restrictions established for users that have no password set. This issue only affected Ubuntu 14.04 ESM.
    This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-18264)

    Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of parameters     sent during a table editing operation. An attacker could use this vulnerability to trigger an endless     recursion and cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04     ESM. (CVE-2017-1000014)

    Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input used to generate a web     page. An authenticated attacker could use this vulnerability to execute CSS injection attacks. This issue     only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000015)

    It was discovered that phpMyAdmin incorrectly handled certain input. An attacker could use this     vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. This issue only affected     Ubuntu 16.04 ESM. (CVE-2018-7260)

    It was discovered phpMyAdmin incorrectly handled database names. An attacker could possibly use this to     trigger a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
    (CVE-2018-12581)

    Daniel Le Gall discovered that phpMyAdmin would expose sensitive information to unauthorized actors due to     an error in its transformation feature. An authenticated attacker could use this vulnerability to leak the     contents of a local file. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-19968)

    It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this to     perform a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19970)

    It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this     vulnerability to execute an SQL injection attack via a specially crafted database name. This issue only     affected Ubuntu 16.04 ESM. (CVE-2019-11768)

    It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this     to perform a cross site request forgery attack. This issue only affected Ubuntu 16.04 ESM.
    (CVE-2019-12616)

    It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this     to perform a cross site request forgery attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04     ESM. (CVE-2019-12922)

    It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this     vulnerability to execute an SQL injection attack via a specially crafted username. This issue only     affected Ubuntu 16.04 ESM. (CVE-2019-6798)

    It was discovered that phpMyAdmin did not properly sanitize certain input. An attacker could use this     vulnerability to possibly execute an HTML injection or a cross-site scripting (XSS) attack. This issue     only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-19617)

    CSW Research Labs discovered that phpMyAdmin failed to properly sanitize input.

    An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu     16.04 ESM. (CVE-2020-5504)

    Giwan Go and Yelang Lee discovered that phpMyAdmin was vulnerable to an XSS attack in the transformation     feature. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the     victim's system. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26934)

    Andre S discovered that phpMyAdmin incorrectly handled certain SQL statements in the search feature. A     remote, authenticated attacker could use this to inject malicious SQL into a query. This issue only     affected Ubuntu 20.04 ESM. (CVE-2020-26935)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
113288	phpMyAdmin 4.x < 4.8.2 Cross-Site Scripting	Web App Scanning	Component Vulnerability	7/11/2022	3/14/2023	medium
110675	FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	6/25/2018	9/16/2024	high
120489	Fedora 28 : phpMyAdmin (2018-68349e3094)	Nessus	Fedora Local Security Checks	1/3/2019	7/5/2024	medium
110680	openSUSE Security Update : phpMyAdmin (openSUSE-2018-669)	Nessus	SuSE Local Security Checks	6/25/2018	9/16/2024	high
183178	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : phpMyAdmin vulnerabilities (USN-4843-1)	Nessus	Ubuntu Local Security Checks	10/16/2023	8/27/2024	critical
123202	openSUSE Security Update : phpMyAdmin (openSUSE-2019-490)	Nessus	SuSE Local Security Checks	3/27/2019	6/11/2024	high

Detections

Analytics

Plugins Search

medium

high

medium

high

critical

high