Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.PHPMYADMIN_PMASA_2012_6.NASL
HistoryOct 23, 2012 - 12:00 a.m.

phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6 - PMASA-2012-7)

2012-10-2300:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

49.2%

JSON

According to its self-identified version number, the phpMyAdmin 3.5.x install hosted on the remote web server is earlier than 3.5.3 and is, therefore, affected by multiple vulnerabilities :

  • When creating or modifying a trigger, event, or procedure with a crafted name, it is possible for a user to trigger a cross-site scripting (XSS) attack.

  • A man-in-the-middle (MITM) attack is possible when fetching the version information from a non-SSL site.
    To display information about the current phpMyAdmin version, a piece of JavaScript is fetched from the phpmyadmin.net website in non-SSL mode. A MITM attack could modify this script on the wire.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(62663);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2012-5339", "CVE-2012-5368");
  script_bugtraq_id(55925, 55939);

  script_name(english:"phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6 - PMASA-2012-7)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a PHP application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-identified version number, the phpMyAdmin 3.5.x
install hosted on the remote web server is earlier than 3.5.3 and is,
therefore, affected by multiple vulnerabilities :
 
  - When creating or modifying a trigger, event, or
    procedure with a crafted name, it is possible for a user
    to trigger a cross-site scripting (XSS) attack.

  - A man-in-the-middle (MITM) attack is possible when
    fetching the version information from a non-SSL site.
    To display information about the current phpMyAdmin
    version, a piece of JavaScript is fetched from the
    phpmyadmin.net website in non-SSL mode. A MITM attack 
    could modify this script on the wire.");
  script_set_attribute(attribute:"see_also", value:"http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php");
  script_set_attribute(attribute:"see_also", value:"http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php");
  script_set_attribute(attribute:"solution", value:
"Either upgrade to phpMyAdmin 3.5.3 or later, or apply the patches from
the referenced links.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5368");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/23");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("phpMyAdmin_detect.nasl");
  script_require_keys("www/PHP", "www/phpMyAdmin", "Settings/ParanoidReport");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, php:TRUE);

install = get_install_from_kb(appname:"phpMyAdmin", port:port, exit_on_fail:TRUE);
dir = install['dir'];
version = install['ver'];
location = build_url(qs:dir, port:port);

if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, "phpMyAdmin", location);

if (version =~ "^3(\.5)?$")
  exit(1, "The version of phpMyAdmin located at "+ location +" ("+ version +") is not granular enough.");

if (
  # 3.5.x < 3.5.3
  # ensure to flag 3.5.3-rc1 as vulnerable but not 3.5.3
  version =~ "^3\.5\.([0-2]([^0-9]|$)|3-rc1)"
)
{
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + location +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 3.5.3' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, "phpMyAdmin", location, version);

Related

openvas 4
nessus 2
freebsd 1
cvelist 2
debiancve 2
phpmyadmin 2
nvd 2
osv 3
cve 2
prion 2
github 2
ubuntucve 2
seebug 1
openvas
openvas
phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6, PMASA-2012-7) - Linux
2017-09-11 00:00:00
FreeBSD Ports: phpMyAdmin
2012-10-22 00:00:00
phpMyAdmin 3.5.x < 3.5.3 Multiple Vulnerabilities (PMASA-2012-6, PMASA-2012-7) - Windows
2017-09-11 00:00:00
nessus
nessus
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:1507-1)
2014-06-13 00:00:00
FreeBSD : phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack (ef417da3-1640-11e2-999b-e0cb4e266481)
2012-10-15 00:00:00
freebsd
freebsd
phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack
2012-10-08 00:00:00
cvelist
cvelist
CVE-2012-5368
2012-10-25 10:00:00
CVE-2012-5339
2012-10-25 10:00:00
debiancve
debiancve
CVE-2012-5368
2012-10-25 10:51:29
CVE-2012-5339
2012-10-25 10:51:28
phpmyadmin
phpmyadmin
Fetching the version information from a non-SSL site is vulnerable to a MITM attack.
2012-10-12 00:00:00
Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.
2012-10-12 00:00:00
nvd
nvd
CVE-2012-5368
2012-10-25 10:51:29
CVE-2012-5339
2012-10-25 10:51:28
osv
osv
phpMyAdmin Unsafe Fetching of Javascript Code
2022-05-17 05:16:32
phpMyAdmin multiple cross-site scripting vulnerabilities
2022-05-17 05:16:32
phpMyAdmin-4.6.5.2-1.1 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2012-5368
2012-10-25 10:51:29
CVE-2012-5339
2012-10-25 10:51:28
prion
prion
Cross site scripting
2012-10-25 10:51:00
Cross site scripting
2012-10-25 10:51:00
github
github
phpMyAdmin Unsafe Fetching of Javascript Code
2022-05-17 05:16:32
phpMyAdmin multiple cross-site scripting vulnerabilities
2022-05-17 05:16:32
ubuntucve
ubuntucve
CVE-2012-5368
2012-10-25 00:00:00
CVE-2012-5339
2012-10-25 00:00:00
seebug
seebug
phpMyAdmin 3.5.x HTML注入漏洞
2012-10-16 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

49.2%

JSON
Related for PHPMYADMIN_PMASA_2012_6.NASL
openvas4nessus2freebsd1cvelist2debiancve2phpmyadmin2nvd2osv3cve2prion2github2ubuntucve2seebug1