An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.
{"osv": [{"lastseen": "2023-06-27T02:17:48", "description": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.", "cvss3": {}, "published": "2016-12-11T02:59:00", "type": "osv", "title": "CVE-2016-9855", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-9855"], "modified": "2023-06-27T02:17:40", "id": "OSV:CVE-2016-9855", "href": "https://osv.dev/vulnerability/CVE-2016-9855", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-06-04T14:13:34", "description": "An issue was discovered in phpMyAdmin. By calling some scripts that are\npart of phpMyAdmin in an unexpected way, it is possible to trigger\nphpMyAdmin to display a PHP error message which contains the full path of\nthe directory where phpMyAdmin is installed. During an execution timeout in\nthe export functionality, the errors containing the full path of the\ndirectory of phpMyAdmin are written to the export file. All 4.6.x versions\n(prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. 
This\nCVE is for the PMA_shutdownDuringExport issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-12-11T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9855", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9855"], "modified": "2016-12-11T00:00:00", "id": "UB:CVE-2016-9855", "href": "https://ubuntu.com/security/CVE-2016-9855", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-06-03T14:42:40", "description": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. 
This CVE is for the PMA_shutdownDuringExport issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-12-11T02:59:00", "type": "debiancve", "title": "CVE-2016-9855", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9855"], "modified": "2016-12-11T02:59:00", "id": "DEBIANCVE:CVE-2016-9855", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9855", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-06-03T14:47:43", "description": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. 
This CVE is for the PMA_shutdownDuringExport issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-12-11T02:59:00", "type": "cve", "title": "CVE-2016-9855", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9855"], "modified": "2017-07-01T01:30:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.6.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.9", "cpe:/a:phpmyadmin:phpmyadmin:4.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.6", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.8", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13", "cpe:/a:phpmyadmin:phpmyadmin:4.4.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.7", "cpe:/a:phpmyadmin:phpmyadmin:4.6.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1", "cpe:/a:phpmyadmin:phpmyadmin:4.6.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6", "cpe:/a:phpmyadmin:phpmyadmin:4.4.10", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1", 
"cpe:/a:phpmyadmin:phpmyadmin:4.6.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14", "cpe:/a:phpmyadmin:phpmyadmin:4.4.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.11", "cpe:/a:phpmyadmin:phpmyadmin:4.4.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4", "cpe:/a:phpmyadmin:phpmyadmin:4.6.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.8", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.12"], "id": "CVE-2016-9855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9855", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-07-15T15:20:40", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, CVE-2016-9855. Reason: This candidate is a reservation duplicate of CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, and CVE-2016-9855. Notes: All CVE users should reference CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, and/or CVE-2016-9855 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2017-05-07T08:29:00", "type": "cve", "title": "CVE-2016-1000365", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2016-1000365", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855"], "modified": "2017-05-07T08:29:00", "cpe": [], "id": "CVE-2016-1000365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000365", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "phpmyadmin": [{"lastseen": "2023-06-03T15:12:41", "description": "## PMASA-2016-63\n\n**Announcement-ID:** PMASA-2016-63\n\n**Date:** 2016-11-25\n\n**Updated:** 2016-12-06\n\n### Summary\n\nMultiple full path disclosure vulnerabilities\n\n### Description\n\nBy calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. 
During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file.\n\n### Severity\n\nWe consider these vulnerabilities to be non-critical.\n\n### Affected Versions\n\nAll 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.6.5, 4.4.15.9, or newer, or apply the patches listed below.\n\n### References\n\nThanks to Emanuel Bronshtein [@e3amn2l](<https://twitter.com/e3amn2l>) for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2016-9852](<https://vulners.com/cve/CVE-2016-9852>) [CVE-2016-9853](<https://vulners.com/cve/CVE-2016-9853>) [CVE-2016-9854](<https://vulners.com/cve/CVE-2016-9854>) [CVE-2016-9855](<https://vulners.com/cve/CVE-2016-9855>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>)\n\n### Patches\n\nThe following commits have been made on the 4.4 branch to fix this issue:\n\n * [6735d83](<https://github.com/phpmyadmin/phpmyadmin/commit/6735d83>)\n * [ebcd746](<https://github.com/phpmyadmin/phpmyadmin/commit/ebcd746>)\n\nThe following commits have been made on the 4.6 branch to fix this issue:\n\n * [6197613](<https://github.com/phpmyadmin/phpmyadmin/commit/6197613>)\n * [cf83d6a](<https://github.com/phpmyadmin/phpmyadmin/commit/cf83d6a>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [phpmyadmin.net](<https://www.phpmyadmin.net/>). 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-11-25T00:00:00", "type": "phpmyadmin", "title": "Multiple full path disclosure vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855"], "modified": "2016-12-06T00:00:00", "id": "PHPMYADMIN:PMASA-2016-63", "href": "https://www.phpmyadmin.net/security/PMASA-2016-63/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:29", "description": "phpMyAdmin is prone to multiple security vulnerabilities.", "cvss3": {}, "published": "2017-04-10T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Security Vulnerabilities - 03 - Dec16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9854", "CVE-2016-9853", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9855"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108131", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: gb_phpmyadmin_mult_vuln04_dec16_lin.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Security Vulnerabilities - 03 - Dec16 (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108131\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-10 12:18:02 +0200 (Mon, 10 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2016-9855\", \"CVE-2016-9854\", \"CVE-2016-9853\", \"CVE-2016-9852\", \"CVE-2016-9851\");\n script_name(\"phpMyAdmin Multiple Security Vulnerabilities - 03 - Dec16 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", 
\"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.6.x prior to prior to 4.6.5, and 4.4.x prior to 4.4.15.9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.6.5 or 4.4.15.9.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.4.15.9\" ) ) {\n vuln = TRUE;\n fix = \"4.4.15.9\";\n }\n}\n\nif( vers =~ \"^4\\.6\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.6.5\" ) ) {\n vuln = TRUE;\n fix = \"4.6.5\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:10", "description": "phpMyAdmin is prone to multiple security vulnerabilities.", "cvss3": {}, "published": "2017-04-10T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Security Vulnerabilities - 03 - Dec16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9854", "CVE-2016-9853", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9855"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108130", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln04_dec16_win.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Security Vulnerabilities - 03 - Dec16 (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108130\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-10 12:18:02 +0200 (Mon, 10 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2016-9855\", \"CVE-2016-9854\", \"CVE-2016-9853\", \"CVE-2016-9852\", \"CVE-2016-9851\");\n script_name(\"phpMyAdmin Multiple Security Vulnerabilities - 03 - Dec16 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n 
script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.6.x prior to prior to 4.6.5, and 4.4.x prior to 4.4.15.9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.6.5 or 4.4.15.9.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.4.15.9\" ) ) {\n vuln = TRUE;\n fix = \"4.4.15.9\";\n }\n}\n\nif( vers =~ \"^4\\.6\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.6.5\" ) ) {\n vuln = TRUE;\n fix = \"4.6.5\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "mageia": [{"lastseen": "2023-06-03T15:12:47", "description": "In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created using a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies (CVE-2016-9847). 
In phpMyAdmin before 4.4.15.9, phpinfo.php shows PHP information including values of sensitive HttpOnly cookies (CVE-2016-9848). In phpMyAdmin before 4.4.15.9, it is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username (CVE-2016-9849). In phpMyAdmin before 4.4.15.9, a vulnerability in username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time (CVE-2016-9850). In phpMyAdmin before 4.4.15.9, with a crafted request parameter value it is possible to bypass the logout timeout (CVE-2016-9851). In phpMyAdmin before 4.4.15.9, by calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file (CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, CVE-2016-9855). In phpMyAdmin before 4.4.15.9, several XSS vulnerabilities have been reported, including an improper fix for PMASA-2016-10 and a weakness in a regular expression used in some JavaScript processing (CVE-2016-9856, CVE-2016-9857). In phpMyAdmin before 4.4.15.9, with a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature (CVE-2016-9858). In phpMyAdmin before 4.4.15.9, with a crafted request parameter value it is possible to initiate a denial of service attack in import feature (CVE-2016-9859). In phpMyAdmin before 4.4.15.9, an unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true; (CVE-2016-9860). 
In phpMyAdmin before 4.4.15.9, due to the limitation in URL matching, it was possible to bypass the URL white-list protection (CVE-2016-9861). In phpMyAdmin before 4.4.15.9, with a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the mysql database (CVE-2016-9864). In phpMyAdmin before 4.4.15.9, due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function (CVE-2016-9865). In phpMyAdmin before 4.4.15.9, when the arg_separator is different from its default value of &, the token was not properly stripped from the return URL of the preference import action (CVE-2016-9866). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-09T08:42:46", "type": "mageia", "title": "Updated phpmyadmin packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2016-9847", "CVE-2016-9848", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855", "CVE-2016-9856", "CVE-2016-9857", "CVE-2016-9858", "CVE-2016-9859", "CVE-2016-9860", "CVE-2016-9861", "CVE-2016-9864", "CVE-2016-9865", "CVE-2016-9866"], "modified": "2016-12-09T08:42:46", "id": "MGASA-2016-0416", "href": "https://advisories.mageia.org/MGASA-2016-0416.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-19T14:13:54", "description": "According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities.\n\n - An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9847)\n\n - An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9848)\n\n - An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9849)\n\n - An issue was discovered in phpMyAdmin. 
Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9850)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n (CVE-2016-9851)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the curl wrapper issue. (CVE-2016-9852)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the fopen wrapper issue. (CVE-2016-9853)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. 
During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the json_decode issue. (CVE-2016-9854)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the PMA_shutdownDuringExport issue. (CVE-2016-9855)\n\n - An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.\n This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9856)\n\n - An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9857)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9858)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. 
All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9859)\n\n - An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9860)\n\n - An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9861)\n\n - An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. (CVE-2016-9862)\n\n - An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.\n (CVE-2016-9863)\n\n - An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9864)\n\n - An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. 
All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9865)\n\n - An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9866)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2559", "CVE-2016-9847", "CVE-2016-9848", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855", "CVE-2016-9856", "CVE-2016-9857", "CVE-2016-9858", "CVE-2016-9859", "CVE-2016-9860", "CVE-2016-9861", "CVE-2016-9862", "CVE-2016-9863", "CVE-2016-9864", "CVE-2016-9865", "CVE-2016-9866"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_4_6_5.NASL", "href": "https://www.tenable.com/plugins/nessus/143532", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143532);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-9847\",\n \"CVE-2016-9848\",\n \"CVE-2016-9849\",\n \"CVE-2016-9850\",\n \"CVE-2016-9851\",\n \"CVE-2016-9852\",\n \"CVE-2016-9853\",\n \"CVE-2016-9854\",\n \"CVE-2016-9855\",\n \"CVE-2016-9856\",\n \"CVE-2016-9857\",\n \"CVE-2016-9858\",\n \"CVE-2016-9859\",\n \"CVE-2016-9860\",\n 
\"CVE-2016-9861\",\n \"CVE-2016-9862\",\n \"CVE-2016-9863\",\n \"CVE-2016-9864\",\n \"CVE-2016-9865\",\n \"CVE-2016-9866\"\n );\n script_bugtraq_id(\n 94521,\n 94523,\n 94524,\n 94525,\n 94526,\n 94527,\n 94528,\n 94529,\n 94530,\n 94531,\n 94533,\n 94534,\n 94535,\n 94536\n );\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to\n4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities.\n\n - An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting\n cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is\n created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and\n potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to\n 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9847)\n\n - An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of\n HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x\n versions (prior to 4.0.10.18) are affected. (CVE-2016-9848)\n\n - An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction\n ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All\n 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to\n 4.0.10.18) are affected. 
(CVE-2016-9849)\n\n - An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong\n matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions\n (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are\n affected. (CVE-2016-9850)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the\n logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n (CVE-2016-9851)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the curl wrapper issue. (CVE-2016-9852)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the fopen wrapper issue. (CVE-2016-9853)\n\n - An issue was discovered in phpMyAdmin. 
By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the json_decode issue. (CVE-2016-9854)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the PMA_shutdownDuringExport issue. (CVE-2016-9855)\n\n - An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.\n This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to\n 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9856)\n\n - An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used\n in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9),\n and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9857)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a\n denial of service attack in saved searches feature. 
All 4.6.x versions (prior to 4.6.5), 4.4.x versions\n (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9858)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a\n denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to\n 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9859)\n\n - An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when\n phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x\n versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9860)\n\n - An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass\n the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9),\n and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9861)\n\n - An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the\n login page. All 4.6.x versions (prior to 4.6.5) are affected. (CVE-2016-9862)\n\n - An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is\n possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.\n (CVE-2016-9863)\n\n - An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject\n SQL statements in the tracking functionality that would run with the privileges of the control user. This\n gives read and write access to the tables of the configuration storage database, and if the control user\n has the necessary privileges, read access to some tables of the MySQL database. 
All 4.6.x versions (prior\n to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9864)\n\n - An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to\n bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5),\n 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9865)\n\n - An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the\n CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x\n versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are\n affected. (CVE-2016-9866)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-58/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-59/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-60/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-61/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-62/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-64/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-65/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-66/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.phpmyadmin.net/security/PMASA-2016-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-68/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-69/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-71/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.0.10.18 / 4.4.15.9 / 4.6.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9865\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 352, 400, 601, 661);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:'phpMyAdmin', port:port, webapp:TRUE);\n\nconstraints = [\n { 'min_version' : '4.0.0', 'fixed_version' : '4.0.10.18' },\n { 'min_version' : '4.4.0', 'fixed_version' : '4.4.15.9' },\n { 'min_version' : '4.6.0', 'fixed_version' : '4.6.5' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{sqli:TRUE, xss:TRUE, xsrf:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-13T15:45:58", "description": "The remote host is affected by the vulnerability described in GLSA-201701-32 (phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n An authenticated remote attacker could exploit these vulnerabilities to execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site Scripting attacks.\n In certain configurations, an unauthenticated remote attacker could cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4412", "CVE-2016-5097", "CVE-2016-5098", "CVE-2016-5099", "CVE-2016-5701", "CVE-2016-5702", "CVE-2016-5703", "CVE-2016-5704", "CVE-2016-5705", "CVE-2016-5706", "CVE-2016-5730", "CVE-2016-5731", "CVE-2016-5732", "CVE-2016-5733", "CVE-2016-5734", "CVE-2016-5739", "CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633", "CVE-2016-9847", "CVE-2016-9848", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855", "CVE-2016-9856", "CVE-2016-9857", "CVE-2016-9858", "CVE-2016-9859", "CVE-2016-9860", "CVE-2016-9861", "CVE-2016-9862", "CVE-2016-9863", "CVE-2016-9864", "CVE-2016-9865", "CVE-2016-9866"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:phpmyadmin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-32.NASL", "href": "https://www.tenable.com/plugins/nessus/96426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-32.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96426);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4412\", \"CVE-2016-5097\", \"CVE-2016-5098\", \"CVE-2016-5099\", \"CVE-2016-5701\", \"CVE-2016-5702\", \"CVE-2016-5703\", \"CVE-2016-5704\", \"CVE-2016-5705\", \"CVE-2016-5706\", \"CVE-2016-5730\", \"CVE-2016-5731\", \"CVE-2016-5732\", \"CVE-2016-5733\", \"CVE-2016-5734\", \"CVE-2016-5739\", \"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6608\", \"CVE-2016-6609\", \"CVE-2016-6610\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6614\", \"CVE-2016-6615\", \"CVE-2016-6616\", \"CVE-2016-6617\", \"CVE-2016-6618\", \"CVE-2016-6619\", \"CVE-2016-6620\", \"CVE-2016-6622\", \"CVE-2016-6623\", \"CVE-2016-6624\", \"CVE-2016-6625\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6629\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-6633\", \"CVE-2016-9847\", \"CVE-2016-9848\", \"CVE-2016-9849\", \"CVE-2016-9850\", \"CVE-2016-9851\", \"CVE-2016-9852\", \"CVE-2016-9853\", \"CVE-2016-9854\", \"CVE-2016-9855\", \"CVE-2016-9856\", \"CVE-2016-9857\", \"CVE-2016-9858\", \"CVE-2016-9859\", \"CVE-2016-9860\", \"CVE-2016-9861\", \"CVE-2016-9862\", \"CVE-2016-9863\", \"CVE-2016-9864\", \"CVE-2016-9865\", \"CVE-2016-9866\");\n script_xref(name:\"GLSA\", value:\"201701-32\");\n\n script_name(english:\"GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-32\n(phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A authenticated remote attacker could exploit these vulnerabilities to\n execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site\n Scripting attacks.\n In certain configurations, an unauthenticated remote attacker could\n cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.6.5.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpMyAdmin Authenticated Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 4.6.5.1\"), vulnerable:make_list(\"lt 4.6.5.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2023-06-03T15:08:32", "description": "### Background\n\nphpMyAdmin is a web-based management tool for MySQL databases.\n\n### Description\n\nMultiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn authenticated remote attacker could exploit these vulnerabilities to execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site Scripting attacks. 
\n\nIn certain configurations, an unauthenticated remote attacker could cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll phpMyAdmin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-4.6.5.1\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-11T00:00:00", "type": "gentoo", "title": "phpMyAdmin: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4412", "CVE-2016-5097", "CVE-2016-5098", "CVE-2016-5099", "CVE-2016-5701", "CVE-2016-5702", "CVE-2016-5703", "CVE-2016-5704", "CVE-2016-5705", "CVE-2016-5706", "CVE-2016-5730", "CVE-2016-5731", "CVE-2016-5732", "CVE-2016-5733", "CVE-2016-5734", "CVE-2016-5739", "CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", 
"CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633", "CVE-2016-9847", "CVE-2016-9848", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855", "CVE-2016-9856", "CVE-2016-9857", "CVE-2016-9858", "CVE-2016-9859", "CVE-2016-9860", "CVE-2016-9861", "CVE-2016-9862", "CVE-2016-9863", "CVE-2016-9864", "CVE-2016-9865", "CVE-2016-9866"], "modified": "2017-01-11T00:00:00", "id": "GLSA-201701-32", "href": "https://security.gentoo.org/glsa/201701-32", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}