phpMyAdmin -- multiple vulnerabilities

ID ED10ED3F-FDDC-11E8-94CF-6805CA0B3D42
Type freebsd
Reporter FreeBSD
Modified 2018-12-11T00:00:00


The phpMyAdmin development team reports:

Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. Severity We consider this vulnerability to be severe.

Summary XSRF/CSRF vulnerability in phpMyAdmin Description By deceiving a user to click on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. Severity We consider this vulnerability to be of moderate severity.

Summary XSS vulnerability in navigation tree Description A Cross-Site Scripting vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a specially-crafted database/table name. Severity We consider this attack to be of moderate severity. Mitigation factor The stored XSS vulnerabilities can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required forms.