Gentoo Foundation GLSA-201505-03
May 31, 2015 - 12:00 a.m.

phpMyAdmin: Multiple vulnerabilities

2015-05-31 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.013 Low
Percentile: 85.5%

Background

phpMyAdmin is a web-based management tool for MySQL databases.

Description

Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details.

Impact

A remote authenticated attacker could exploit these vulnerabilities to include and execute arbitrary local files via a crafted parameter, inject SQL code, or conduct Cross-Site Scripting attacks.

Workaround

There is no known workaround at this time.

Resolution

All phpMyAdmin 4.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.2.13"

All phpMyAdmin 4.1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.1.14.7"

All phpMyAdmin 4.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.10.6"

OS      Version  Architecture  Package            Version   Filename
Gentoo  any      all           dev-db/phpmyadmin  < 4.2.13  UNKNOWN
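
The affected-package row gives a single bound (< 4.2.13), while the Resolution names a separate fixed version for each of the 4.0, 4.1 and 4.2 branches, so a flat comparison against 4.2.13 would flag an already-patched 4.1.14.7 host. The following is an added example, not part of the advisory, that checks a version string against the per-branch fixes; the function names are hypothetical, and treating releases outside the 4.0 and 4.1 branches by the "< 4.2.13" bound is an assumption taken from the table.

```sh
#!/bin/sh
# Added example: branch-aware check against the fixed versions in GLSA-201505-03.
# Function names are hypothetical; the sample versions below are constructed.

# ver_lt A B: succeed when dotted numeric version A is lower than B.
# Missing components count as 0, so 4.2 compares equal to 4.2.0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal versions are not "lower"
}

# glsa_status VERSION: print "affected" or "unaffected"; return 2 on bad input.
glsa_status() {
    v=${1%-r[0-9]*}    # drop a Gentoo revision suffix such as -r1
    case $v in
        ''|*[!0-9.]*) echo unparsable; return 2 ;;
    esac
    case $v in
        4.0|4.0.*) fixed=4.0.10.6 ;;
        4.1|4.1.*) fixed=4.1.14.7 ;;
        # 4.2 and, as an assumption, every other release: the table's "< 4.2.13".
        *)         fixed=4.2.13 ;;
    esac
    if ver_lt "$v" "$fixed"; then echo affected; else echo unaffected; fi
}

# Constructed sample versions; 4.1.14.7 is below 4.2.13 yet already fixed.
for sample in 4.0.10.5 4.0.10.6 4.1.14.6 4.1.14.7 4.2.12 4.2.13-r1; do
    printf '%-10s %s\n' "$sample" "$(glsa_status "$sample")"
done
```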
