ID OPENVAS:1361412562310807486 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for phpMyAdmin FEDORA-2016-65
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.807486");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2016-03-10 06:12:57 +0100 (Thu, 10 Mar 2016)");
script_cve_id("CVE-2016-2562", "CVE-2016-2559", "CVE-2016-2561", "CVE-2016-2560");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for phpMyAdmin FEDORA-2016-65");
script_tag(name:"summary", value:"The remote host is missing an update for the 'phpMyAdmin'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"phpMyAdmin on Fedora 23");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"FEDORA", value:"2016-65");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC23");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC23")
{
if ((res = isrpmvuln(pkg:"phpMyAdmin", rpm:"phpMyAdmin~4.5.5.1~1.fc23", rls:"FC23")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310807486", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for phpMyAdmin FEDORA-2016-65", "description": "The remote host is missing an update for the ", "published": "2016-03-10T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807486", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["2016-65", "https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"], "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "lastseen": "2019-05-29T18:35:44", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["F682A506-DF7C-11E5-81E4-6805CA0B3D42"]}, {"type": "fedora", "idList": ["FEDORA:AD6076176001", "FEDORA:B92906176004", "FEDORA:9CA3361067FF", "FEDORA:AF5636108A5F"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-481.NASL", "FREEBSD_PKG_F682A506DF7C11E581E46805CA0B3D42.NASL", "DEBIAN_DSA-3627.NASL", "FEDORA_2016-02EE5B4002.NASL", "OPENSUSE-2016-305.NASL", "PHPMYADMIN_PMASA_4_6_5.NASL", "FEDORA_2016-65DA02B95C.NASL", "OPENSUSE-2016-304.NASL", "PHPMYADMIN_PMASA_4_5_5_1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310807592", "OPENVAS:1361412562310131245", "OPENVAS:1361412562310807593", "OPENVAS:1361412562310807595", "OPENVAS:1361412562310807597", "OPENVAS:1361412562310807495", "OPENVAS:1361412562310807594", "OPENVAS:1361412562310807596", "OPENVAS:1361412562310807484", "OPENVAS:1361412562310807498"]}, {"type": "cve", "idList": ["CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2559", "CVE-2016-2560"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2016-11", "PHPMYADMIN:PMASA-2016-13", "PHPMYADMIN:PMASA-2016-10", "PHPMYADMIN:PMASA-2016-65", "PHPMYADMIN:PMASA-2016-12"]}, {"type": "debian", "idList": ["DEBIAN:DLA-481-1:91517", "DEBIAN:DSA-3627-1:EBE43", "DEBIAN:DLA-481-2:3E1D6"]}], "modified": "2019-05-29T18:35:44", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-05-29T18:35:44", "rev": 2}, "vulnersScore": 5.8}, "pluginID": "1361412562310807486", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2016-65\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807486\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:12:57 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2016-2562\", \"CVE-2016-2559\", \"CVE-2016-2561\", \"CVE-2016-2560\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2016-65\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-65\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.5.5.1~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"freebsd": [{"lastseen": "2019-05-29T18:32:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "description": "\nThe phpMyAdmin development team reports:\n\nXSS vulnerability in SQL parser.\nUsing a crafted SQL query, it is possible to trigger an XSS\n\t attack through the SQL query page.\nWe consider this vulnerability to be non-critical.\n\n\nMultiple XSS vulnerabilities.\nBy sending a specially crafted URL as part of the HOST\n\t header, it is possible to trigger an XSS attack.\nA weakness was found that allows an XSS attack with Internet\n\t Explorer versions older than 8 and Safari on Windows using a\n\t specially crafted URL.\nUsing a crafted SQL query, it is possible to trigger an XSS\n\t attack through the SQL query page.\nUsing a crafted parameter value, it is possible to trigger\n\t an XSS attack in user accounts page.\nUsing a crafted parameter value, it is possible to trigger\n\t an XSS attack in zoom search page.\nWe consider this vulnerability to be non-critical.\n\n\nMultiple XSS vulnerabilities.\nWith a crafted table/column name it is possible to trigger\n\t an XSS attack in the database normalization page.\nWith a crafted parameter it is possible to trigger an XSS\n\t attack in the database structure page.\nWith a crafted parameter it is possible to trigger an XSS\n\t attack in central columns page.\nWe consider this vulnerability to be non-critical.\n\n\nVulnerability allowing man-in-the-middle attack on API\n\t call to GitHub.\nA vulnerability in the API call to GitHub can be exploited\n\t to perform a man-in-the-middle attack.\nWe consider this vulnerability to be serious.\n\n", "edition": 4, "modified": "2016-02-29T00:00:00", "published": "2016-02-29T00:00:00", "id": "F682A506-DF7C-11E5-81E4-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/f682a506-df7c-11e5-81e4-6805ca0b3d42.html", "title": "phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2559", "CVE-2016-2560", "CVE-2016-2561", "CVE-2016-2562"], "description": "A validating SQL lexer and parser with a focus on MySQL dialect. This library was originally developed for phpMyAdmin during the Google Summer of Code 2015. To use this library, you just have to add, in your project: require_once '/usr/share/php/SqlParser/autoload.php'; ", "modified": "2016-03-09T20:16:08", "published": "2016-03-09T20:16:08", "id": "FEDORA:AD6076176001", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: php-udan11-sql-parser-3.4.0-1.fc23", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2559", "CVE-2016-2560", "CVE-2016-2561", "CVE-2016-2562"], "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, index es, users, permissions), while you still have the ability to directly execute a ny SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execu te, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument T ext and Spreadsheet, Word, Excel, LATEX and others, administering multiple serv ers, creating PDF graphics of your database layout, creating complex queries usi ng Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined function s, like displaying BLOB-data as image or download-link and much more... ", "modified": "2016-03-14T00:20:48", "published": "2016-03-14T00:20:48", "id": "FEDORA:9CA3361067FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.5.1-1.fc22", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2559", "CVE-2016-2560", "CVE-2016-2561", "CVE-2016-2562"], "description": "A validating SQL lexer and parser with a focus on MySQL dialect. This library was originally developed for phpMyAdmin during the Google Summer of Code 2015. To use this library, you just have to add, in your project: require_once '/usr/share/php/SqlParser/autoload.php'; ", "modified": "2016-03-14T00:20:48", "published": "2016-03-14T00:20:48", "id": "FEDORA:AF5636108A5F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: php-udan11-sql-parser-3.4.0-1.fc22", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2559", "CVE-2016-2560", "CVE-2016-2561", "CVE-2016-2562"], "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, index es, users, permissions), while you still have the ability to directly execute a ny SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execu te, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument T ext and Spreadsheet, Word, Excel, LATEX and others, administering multiple serv ers, creating PDF graphics of your database layout, creating complex queries usi ng Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined function s, like displaying BLOB-data as image or download-link and much more... ", "modified": "2016-03-09T20:16:08", "published": "2016-03-09T20:16:08", "id": "FEDORA:B92906176004", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: phpMyAdmin-4.5.5.1-1.fc23", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2020-12-09T13:25:07", "description": "According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to\n4.0.10.15, 4.4.x prior to 4.4.15.5, or 4.5.x prior to 4.5.5.1. It is, therefore, affected by multiple vulnerabilities.\n\n - Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-\n parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote\n authenticated users to inject arbitrary web script or HTML via a crafted query. (CVE-2016-2559)\n\n - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before\n 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a\n crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to\n file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to\n libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to\n libraries/controllers/TableSearchController.class.php in the zoom search page. (CVE-2016-2560)\n\n - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before\n 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php\n or (2) js/normalization.js in the database normalization page, (3)\n templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos\n parameter to db_central_columns.php in the central columns page. (CVE-2016-2561)\n\n - The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify\n X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof\n these servers and obtain sensitive information via a crafted certificate. (CVE-2016-2562)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-12-07T00:00:00", "title": "phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "modified": "2020-12-07T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_4_5_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/143489", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143489);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/08\");\n\n script_cve_id(\n \"CVE-2016-2559\",\n \"CVE-2016-2560\",\n \"CVE-2016-2561\",\n \"CVE-2016-2562\"\n );\n script_bugtraq_id(\n 83704,\n 83711,\n 83717,\n 83718\n );\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to\n4.0.10.15, 4.4.x prior to 4.4.15.5, or 4.5.x prior to 4.5.5.1. It is, therefore, affected by multiple vulnerabilities.\n\n - Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-\n parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote\n authenticated users to inject arbitrary web script or HTML via a crafted query. (CVE-2016-2559)\n\n - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before\n 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a\n crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to\n file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to\n libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to\n libraries/controllers/TableSearchController.class.php in the zoom search page. (CVE-2016-2560)\n\n - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before\n 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php\n or (2) js/normalization.js in the database normalization page, (3)\n templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos\n parameter to db_central_columns.php in the central columns page. (CVE-2016-2561)\n\n - The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify\n X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof\n these servers and obtain sensitive information via a crafted certificate. (CVE-2016-2562)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-10/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-12/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-13/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.0.10.15 / 4.4.15.5 / 4.5.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2562\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(79, 295, 661);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:'phpMyAdmin', port:port, webapp:TRUE);\n\nconstraints = [\n { 'min_version' : '4.0.0', 'fixed_version' : '4.0.10.15' },\n { 'min_version' : '4.4.0', 'fixed_version' : '4.4.15.5' },\n { 'min_version' : '4.5.0', 'fixed_version' : '4.5.5.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:20", "description": "phpMyAdmin 4.5.5.1 (2016-02-29) =============================== This\nrelease fixes multiple XSS vulnerabilities, please see PMASA-2016-10,\nPMASA-2016-11, and PMASA-2016-12 for details; additionally it fixes a\nvulnerability allowing man- in-the-middle attack on an API call to\nGitHub, see PMASA-2016-13 for details. It also inclues fixes for the\nfollowing bugs: - issue #11971 CREATE UNIQUE INDEX index type is not\nrecognized by parser. - issue #11982 Row count wrong when grouping\njoined tables. - issue #12012 Column definition with default value and\ncomment in CREATE TABLE exported faulty. - issue #12020 New statement\nbut no delimiter and unexpected token with REPLACE. - issue #12029\nFixed incorrect usage of SQL parser context in SQL export - issue\n#12048 Fixed inclusion of gettext library from SQL parser\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2016-03-10T00:00:00", "title": "Fedora 23 : php-udan11-sql-parser-3.4.0-1.fc23 / phpMyAdmin-4.5.5.1-1.fc23 (2016-65da02b95c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "modified": "2016-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-udan11-sql-parser", "cpe:/o:fedoraproject:fedora:23", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2016-65DA02B95C.NASL", "href": "https://www.tenable.com/plugins/nessus/89801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-65da02b95c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89801);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2560\", \"CVE-2016-2561\", \"CVE-2016-2562\");\n script_xref(name:\"FEDORA\", value:\"2016-65da02b95c\");\n\n script_name(english:\"Fedora 23 : php-udan11-sql-parser-3.4.0-1.fc23 / phpMyAdmin-4.5.5.1-1.fc23 (2016-65da02b95c)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.5.5.1 (2016-02-29) =============================== This\nrelease fixes multiple XSS vulnerabilities, please see PMASA-2016-10,\nPMASA-2016-11, and PMASA-2016-12 for details; additionally it fixes a\nvulnerability allowing man- in-the-middle attack on an API call to\nGitHub, see PMASA-2016-13 for details. It also inclues fixes for the\nfollowing bugs: - issue #11971 CREATE UNIQUE INDEX index type is not\nrecognized by parser. - issue #11982 Row count wrong when grouping\njoined tables. - issue #12012 Column definition with default value and\ncomment in CREATE TABLE exported faulty. - issue #12020 New statement\nbut no delimiter and unexpected token with REPLACE. - issue #12029\nFixed incorrect usage of SQL parser context in SQL export - issue\n#12048 Fixed inclusion of gettext library from SQL parser\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313696\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5846dba5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178564.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f797dc5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected php-udan11-sql-parser and / or phpMyAdmin\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-udan11-sql-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-udan11-sql-parser-3.4.0-1.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"phpMyAdmin-4.5.5.1-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-udan11-sql-parser / phpMyAdmin\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:13:57", "description": "phpMyAdmin 4.5.5.1 (2016-02-29) =============================== This\nrelease fixes multiple XSS vulnerabilities, please see PMASA-2016-10,\nPMASA-2016-11, and PMASA-2016-12 for details; additionally it fixes a\nvulnerability allowing man- in-the-middle attack on an API call to\nGitHub, see PMASA-2016-13 for details. It also inclues fixes for the\nfollowing bugs: - issue #11971 CREATE UNIQUE INDEX index type is not\nrecognized by parser. - issue #11982 Row count wrong when grouping\njoined tables. - issue #12012 Column definition with default value and\ncomment in CREATE TABLE exported faulty. - issue #12020 New statement\nbut no delimiter and unexpected token with REPLACE. - issue #12029\nFixed incorrect usage of SQL parser context in SQL export - issue\n#12048 Fixed inclusion of gettext library from SQL parser\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2016-03-14T00:00:00", "title": "Fedora 22 : php-udan11-sql-parser-3.4.0-1.fc22 / phpMyAdmin-4.5.5.1-1.fc22 (2016-02ee5b4002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "modified": "2016-03-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-udan11-sql-parser", "cpe:/o:fedoraproject:fedora:22", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2016-02EE5B4002.NASL", "href": "https://www.tenable.com/plugins/nessus/89879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-02ee5b4002.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89879);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2560\", \"CVE-2016-2561\", \"CVE-2016-2562\");\n script_xref(name:\"FEDORA\", value:\"2016-02ee5b4002\");\n\n script_name(english:\"Fedora 22 : php-udan11-sql-parser-3.4.0-1.fc22 / phpMyAdmin-4.5.5.1-1.fc22 (2016-02ee5b4002)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.5.5.1 (2016-02-29) =============================== This\nrelease fixes multiple XSS vulnerabilities, please see PMASA-2016-10,\nPMASA-2016-11, and PMASA-2016-12 for details; additionally it fixes a\nvulnerability allowing man- in-the-middle attack on an API call to\nGitHub, see PMASA-2016-13 for details. It also inclues fixes for the\nfollowing bugs: - issue #11971 CREATE UNIQUE INDEX index type is not\nrecognized by parser. - issue #11982 Row count wrong when grouping\njoined tables. - issue #12012 Column definition with default value and\ncomment in CREATE TABLE exported faulty. - issue #12020 New statement\nbut no delimiter and unexpected token with REPLACE. - issue #12029\nFixed incorrect usage of SQL parser context in SQL export - issue\n#12048 Fixed inclusion of gettext library from SQL parser\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1310918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313698\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e93060f2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178872.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce4a66fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected php-udan11-sql-parser and / or phpMyAdmin\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-udan11-sql-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-udan11-sql-parser-3.4.0-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"phpMyAdmin-4.5.5.1-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-udan11-sql-parser / phpMyAdmin\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-06T10:59:47", "description": "The phpMyAdmin development team reports :\n\nXSS vulnerability in SQL parser.\n\nUsing a crafted SQL query, it is possible to trigger an XSS attack\nthrough the SQL query page.\n\nWe consider this vulnerability to be non-critical.\n\nMultiple XSS vulnerabilities.\n\nBy sending a specially crafted URL as part of the HOST header, it is\npossible to trigger an XSS attack.\n\nA weakness was found that allows an XSS attack with Internet Explorer\nversions older than 8 and Safari on Windows using a specially crafted\nURL.\n\nUsing a crafted SQL query, it is possible to trigger an XSS attack\nthrough the SQL query page.\n\nUsing a crafted parameter value, it is possible to trigger an XSS\nattack in user accounts page.\n\nUsing a crafted parameter value, it is possible to trigger an XSS\nattack in zoom search page.\n\nWe consider this vulnerability to be non-critical.\n\nMultiple XSS vulnerabilities.\n\nWith a crafted table/column name it is possible to trigger an XSS\nattack in the database normalization page.\n\nWith a crafted parameter it is possible to trigger an XSS attack in\nthe database structure page.\n\nWith a crafted parameter it is possible to trigger an XSS attack in\ncentral columns page.\n\nWe consider this vulnerability to be non-critical.\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nA vulnerability in the API call to GitHub can be exploited to perform\na man-in-the-middle attack.\n\nWe consider this vulnerability to be serious.", "edition": 25, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2016-03-01T00:00:00", "title": "FreeBSD : phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability (f682a506-df7c-11e5-81e4-6805ca0b3d42)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "modified": "2016-03-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:phpmyadmin"], "id": "FREEBSD_PKG_F682A506DF7C11E581E46805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/89049", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89049);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2560\", \"CVE-2016-2561\", \"CVE-2016-2562\");\n\n script_name(english:\"FreeBSD : phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability (f682a506-df7c-11e5-81e4-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nXSS vulnerability in SQL parser.\n\nUsing a crafted SQL query, it is possible to trigger an XSS attack\nthrough the SQL query page.\n\nWe consider this vulnerability to be non-critical.\n\nMultiple XSS vulnerabilities.\n\nBy sending a specially crafted URL as part of the HOST header, it is\npossible to trigger an XSS attack.\n\nA weakness was found that allows an XSS attack with Internet Explorer\nversions older than 8 and Safari on Windows using a specially crafted\nURL.\n\nUsing a crafted SQL query, it is possible to trigger an XSS attack\nthrough the SQL query page.\n\nUsing a crafted parameter value, it is possible to trigger an XSS\nattack in user accounts page.\n\nUsing a crafted parameter value, it is possible to trigger an XSS\nattack in zoom search page.\n\nWe consider this vulnerability to be non-critical.\n\nMultiple XSS vulnerabilities.\n\nWith a crafted table/column name it is possible to trigger an XSS\nattack in the database normalization page.\n\nWith a crafted parameter it is possible to trigger an XSS attack in\nthe database structure page.\n\nWith a crafted parameter it is possible to trigger an XSS attack in\ncentral columns page.\n\nWe consider this vulnerability to be non-critical.\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\nA vulnerability in the API call to GitHub can be exploited to perform\na man-in-the-middle attack.\n\nWe consider this vulnerability to be serious.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-10/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-11/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-13/\"\n );\n # https://vuxml.freebsd.org/freebsd/f682a506-df7c-11e5-81e4-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e40ddd8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpmyadmin>=4.5.0<4.5.5.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:04", "description": "This update to phpMyAdmin 4.4.15.4 fixes the following security \nissues :\n\n - CVE-2016-2560: Multiple XSS vulnerabilities\n (PMASA-2016-11 boo#968938)\n\n - CVE-2016-2561: Multiple XSS vulnerabilities\n (PMASA-2016-12 boo#968941)", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-03-07T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2016-304)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2561", "CVE-2016-2560"], "modified": "2016-03-07T00:00:00", "cpe": ["cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "OPENSUSE-2016-304.NASL", "href": "https://www.tenable.com/plugins/nessus/89718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-304.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89718);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2560\", \"CVE-2016-2561\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2016-304)\");\n script_summary(english:\"Check for the openSUSE-2016-304 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to phpMyAdmin 4.4.15.4 fixes the following security \nissues :\n\n - CVE-2016-2560: Multiple XSS vulnerabilities\n (PMASA-2016-11 boo#968938)\n\n - CVE-2016-2561: Multiple XSS vulnerabilities\n (PMASA-2016-12 boo#968941)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968941\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"phpMyAdmin-4.4.15.5-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"phpMyAdmin-4.4.15.5-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:04", "description": "This update to phpMyAdmin 4.4.15.4 fixes the following security \nissues :\n\n - CVE-2016-2560: Multiple XSS vulnerabilities\n (PMASA-2016-11 boo#968938)\n\n - CVE-2016-2561: Multiple XSS vulnerabilities\n (PMASA-2016-12 boo#968941)", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-03-07T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2016-305)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2561", "CVE-2016-2560"], "modified": "2016-03-07T00:00:00", "cpe": ["cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "OPENSUSE-2016-305.NASL", "href": "https://www.tenable.com/plugins/nessus/89719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-305.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89719);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2560\", \"CVE-2016-2561\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2016-305)\");\n script_summary(english:\"Check for the openSUSE-2016-305 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to phpMyAdmin 4.4.15.4 fixes the following security \nissues :\n\n - CVE-2016-2560: Multiple XSS vulnerabilities\n (PMASA-2016-11 boo#968938)\n\n - CVE-2016-2561: Multiple XSS vulnerabilities\n (PMASA-2016-12 boo#968941)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968941\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"phpMyAdmin-4.4.15.5-52.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:49:43", "description": "Several vulnerabilities have been fixed in phpMyAdmin, the web-based\nMySQL administration interface.\n\n - CVE-2016-1927\n The suggestPassword function relied on a non-secure\n random number generator which makes it easier for remote\n attackers to guess generated passwords via a brute-force\n approach.\n\n - CVE-2016-2039\n CSRF token values were generated by a non-secure random\n number generator, which allows remote attackers to\n bypass intended access restrictions by predicting a\n value.\n\n - CVE-2016-2040\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote authenticated users to inject arbitrary web\n script or HTML.\n\n - CVE-2016-2041\n phpMyAdmin does not use a constant-time algorithm for\n comparing CSRF tokens, which makes it easier for remote\n attackers to bypass intended access restrictions by\n measuring time differences.\n\n - CVE-2016-2560\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-2561\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5099\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5701\n For installations running on plain HTTP, phpMyAdmin\n allows remote attackers to conduct BBCode injection\n attacks against HTTP sessions via a crafted URI.\n\n - CVE-2016-5705\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5706\n phpMyAdmin allows remote attackers to cause a denial of\n service (resource consumption) via a large array in the\n scripts parameter.\n\n - CVE-2016-5731\n A cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script or HTML.\n\n - CVE-2016-5733\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5739\n A specially crafted Transformation could leak\n information which a remote attacker could use to perform\n cross site request forgeries.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-07-25T00:00:00", "title": "Debian DSA-3627-1 : phpmyadmin - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2040", "CVE-2016-5701", "CVE-2016-5731", "CVE-2016-2561", "CVE-2016-5705", "CVE-2016-1927", "CVE-2016-5099", "CVE-2016-2560", "CVE-2016-2039", "CVE-2016-5733", "CVE-2016-2041", "CVE-2016-5739", "CVE-2016-5706"], "modified": "2016-07-25T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:phpmyadmin"], "id": "DEBIAN_DSA-3627.NASL", "href": "https://www.tenable.com/plugins/nessus/92527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3627. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92527);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1927\", \"CVE-2016-2039\", \"CVE-2016-2040\", \"CVE-2016-2041\", \"CVE-2016-2560\", \"CVE-2016-2561\", \"CVE-2016-5099\", \"CVE-2016-5701\", \"CVE-2016-5705\", \"CVE-2016-5706\", \"CVE-2016-5731\", \"CVE-2016-5733\", \"CVE-2016-5739\");\n script_xref(name:\"DSA\", value:\"3627\");\n\n script_name(english:\"Debian DSA-3627-1 : phpmyadmin - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been fixed in phpMyAdmin, the web-based\nMySQL administration interface.\n\n - CVE-2016-1927\n The suggestPassword function relied on a non-secure\n random number generator which makes it easier for remote\n attackers to guess generated passwords via a brute-force\n approach.\n\n - CVE-2016-2039\n CSRF token values were generated by a non-secure random\n number generator, which allows remote attackers to\n bypass intended access restrictions by predicting a\n value.\n\n - CVE-2016-2040\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote authenticated users to inject arbitrary web\n script or HTML.\n\n - CVE-2016-2041\n phpMyAdmin does not use a constant-time algorithm for\n comparing CSRF tokens, which makes it easier for remote\n attackers to bypass intended access restrictions by\n measuring time differences.\n\n - CVE-2016-2560\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-2561\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5099\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5701\n For installations running on plain HTTP, phpMyAdmin\n allows remote attackers to conduct BBCode injection\n attacks against HTTP sessions via a crafted URI.\n\n - CVE-2016-5705\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5706\n phpMyAdmin allows remote attackers to cause a denial of\n service (resource consumption) via a large array in the\n scripts parameter.\n\n - CVE-2016-5731\n A cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script or HTML.\n\n - CVE-2016-5733\n Multiple cross-site scripting (XSS) vulnerabilities\n allow remote attackers to inject arbitrary web script or\n HTML.\n\n - CVE-2016-5739\n A specially crafted Transformation could leak\n information which a remote attacker could use to perform\n cross site request forgeries.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3627\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the phpmyadmin packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 4:4.2.12-2+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"phpmyadmin\", reference:\"4:4.2.12-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:43:48", "description": "The previous security upload broke the search pages in phpMyAdmin.\nThis was caused by a broken patch applied to fix CVE-2016-2040.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4:3.4.11.1-2+deb7u4.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-05-19T00:00:00", "title": "Debian DLA-481-2 : phpmyadmin regression update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2040", "CVE-2016-2038", "CVE-2016-1927", "CVE-2016-2560", "CVE-2016-2039", "CVE-2016-2041", "CVE-2016-2045"], "modified": "2016-05-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:phpmyadmin", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-481.NASL", "href": "https://www.tenable.com/plugins/nessus/91243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-481-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91243);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1927\", \"CVE-2016-2038\", \"CVE-2016-2039\", \"CVE-2016-2040\", \"CVE-2016-2041\", \"CVE-2016-2045\", \"CVE-2016-2560\");\n\n script_name(english:\"Debian DLA-481-2 : phpmyadmin regression update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous security upload broke the search pages in phpMyAdmin.\nThis was caused by a broken patch applied to fix CVE-2016-2040.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4:3.4.11.1-2+deb7u4.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00048.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"phpmyadmin\", reference:\"4:3.4.11.1-2+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-22T05:11:52", "description": "According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to\n4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities.\n\n - An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting\n cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is\n created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and\n potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to\n 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9847)\n\n - An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of\n HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x\n versions (prior to 4.0.10.18) are affected. (CVE-2016-9848)\n\n - An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction\n ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All\n 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to\n 4.0.10.18) are affected. (CVE-2016-9849)\n\n - An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong\n matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions\n (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are\n affected. (CVE-2016-9850)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the\n logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n (CVE-2016-9851)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the curl wrapper issue. (CVE-2016-9852)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the fopen wrapper issue. (CVE-2016-9853)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the json_decode issue. (CVE-2016-9854)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the PMA_shutdownDuringExport issue. (CVE-2016-9855)\n\n - An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.\n This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to\n 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9856)\n\n - An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used\n in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9),\n and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9857)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a\n denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions\n (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9858)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a\n denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to\n 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9859)\n\n - An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when\n phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x\n versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9860)\n\n - An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass\n the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9),\n and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9861)\n\n - An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the\n login page. All 4.6.x versions (prior to 4.6.5) are affected. (CVE-2016-9862)\n\n - An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is\n possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.\n (CVE-2016-9863)\n\n - An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject\n SQL statements in the tracking functionality that would run with the privileges of the control user. This\n gives read and write access to the tables of the configuration storage database, and if the control user\n has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior\n to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9864)\n\n - An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to\n bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5),\n 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9865)\n\n - An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the\n CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x\n versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are\n affected. (CVE-2016-9866)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-07T00:00:00", "title": "phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-9854", "CVE-2016-9853", "CVE-2016-9851", "CVE-2016-9848", "CVE-2016-9863", "CVE-2016-9860", "CVE-2016-9865", "CVE-2016-9852", "CVE-2016-9856", "CVE-2016-9847", "CVE-2016-9858", "CVE-2016-9850", "CVE-2016-9864", "CVE-2016-9859", "CVE-2016-9857", "CVE-2016-9855", "CVE-2016-9861", "CVE-2016-9849", "CVE-2016-9862", "CVE-2016-9866"], "modified": "2020-12-07T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_4_6_5.NASL", "href": "https://www.tenable.com/plugins/nessus/143532", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143532);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\n \"CVE-2016-9847\",\n \"CVE-2016-9848\",\n \"CVE-2016-9849\",\n \"CVE-2016-9850\",\n \"CVE-2016-9851\",\n \"CVE-2016-9852\",\n \"CVE-2016-9853\",\n \"CVE-2016-9854\",\n \"CVE-2016-9855\",\n \"CVE-2016-9856\",\n \"CVE-2016-9857\",\n \"CVE-2016-9858\",\n \"CVE-2016-9859\",\n \"CVE-2016-9860\",\n \"CVE-2016-9861\",\n \"CVE-2016-9862\",\n \"CVE-2016-9863\",\n \"CVE-2016-9864\",\n \"CVE-2016-9865\",\n \"CVE-2016-9866\"\n );\n script_bugtraq_id(\n 94521,\n 94523,\n 94524,\n 94525,\n 94526,\n 94527,\n 94528,\n 94529,\n 94530,\n 94531,\n 94533,\n 94534,\n 94535,\n 94536\n );\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to\n4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities.\n\n - An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting\n cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is\n created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and\n potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to\n 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9847)\n\n - An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of\n HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x\n versions (prior to 4.0.10.18) are affected. (CVE-2016-9848)\n\n - An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction\n ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All\n 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to\n 4.0.10.18) are affected. (CVE-2016-9849)\n\n - An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong\n matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions\n (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are\n affected. (CVE-2016-9850)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the\n logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n (CVE-2016-9851)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the curl wrapper issue. (CVE-2016-9852)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the fopen wrapper issue. (CVE-2016-9853)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the json_decode issue. (CVE-2016-9854)\n\n - An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an\n unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the\n full path of the directory where phpMyAdmin is installed. During an execution timeout in the export\n functionality, the errors containing the full path of the directory of phpMyAdmin are written to the\n export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.\n This CVE is for the PMA_shutdownDuringExport issue. (CVE-2016-9855)\n\n - An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.\n This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to\n 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9856)\n\n - An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used\n in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9),\n and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9857)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a\n denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions\n (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9858)\n\n - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a\n denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to\n 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9859)\n\n - An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when\n phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x\n versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9860)\n\n - An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass\n the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9),\n and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9861)\n\n - An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the\n login page. All 4.6.x versions (prior to 4.6.5) are affected. (CVE-2016-9862)\n\n - An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is\n possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.\n (CVE-2016-9863)\n\n - An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject\n SQL statements in the tracking functionality that would run with the privileges of the control user. This\n gives read and write access to the tables of the configuration storage database, and if the control user\n has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior\n to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.\n (CVE-2016-9864)\n\n - An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to\n bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5),\n 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. (CVE-2016-9865)\n\n - An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the\n CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x\n versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are\n affected. (CVE-2016-9866)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-58/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-59/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-60/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-61/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-62/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-64/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-65/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-66/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-68/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-69/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-71/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.0.10.18 / 4.4.15.9 / 4.6.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9865\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 352, 400, 601, 661);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:'phpMyAdmin', port:port, webapp:TRUE);\n\nconstraints = [\n { 'min_version' : '4.0.0', 'fixed_version' : '4.0.10.18' },\n { 'min_version' : '4.4.0', 'fixed_version' : '4.4.15.9' },\n { 'min_version' : '4.6.0', 'fixed_version' : '4.6.5' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{sqli:TRUE, xss:TRUE, xsrf:TRUE});\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310807495", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807495", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2016-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2016-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807495\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 06:07:45 +0100 (Mon, 14 Mar 2016)\");\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2562\", \"CVE-2016-2560\", \"CVE-2016-2561\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2016-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.5.5.1~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310807484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807484", "type": "openvas", "title": "Fedora Update for php-udan11-sql-parser FEDORA-2016-65", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-udan11-sql-parser FEDORA-2016-65\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807484\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:11:53 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2016-2562\", \"CVE-2016-2559\", \"CVE-2016-2561\", \"CVE-2016-2560\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-udan11-sql-parser FEDORA-2016-65\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-udan11-sql-parser'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-udan11-sql-parser on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-65\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178564.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-udan11-sql-parser\", rpm:\"php-udan11-sql-parser~3.4.0~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562", "CVE-2016-2561", "CVE-2016-2560"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310807498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807498", "type": "openvas", "title": "Fedora Update for php-udan11-sql-parser FEDORA-2016-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-udan11-sql-parser FEDORA-2016-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807498\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 06:07:51 +0100 (Mon, 14 Mar 2016)\");\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2562\", \"CVE-2016-2560\", \"CVE-2016-2561\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-udan11-sql-parser FEDORA-2016-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-udan11-sql-parser'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-udan11-sql-parser on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178872.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-udan11-sql-parser\", rpm:\"php-udan11-sql-parser~3.4.0~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2561", "CVE-2016-2560"], "description": "Mageia Linux Local Security Checks mgasa-2016-0092", "modified": "2019-03-14T00:00:00", "published": "2016-03-03T00:00:00", "id": "OPENVAS:1361412562310131245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131245", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0092", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0092.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131245\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-03 14:39:16 +0200 (Thu, 03 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0092\");\n script_tag(name:\"insight\", value:\"Updated phpmyadmin package fixes security vulnerabilities: Multiple cross-site scripting (XSS) issues in phpMyAdmin before 4.4.15.5 (CVE-2016-2560, CVE-2016-2561).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0092.html\");\n script_cve_id(\"CVE-2016-2560\", \"CVE-2016-2561\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0092\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"phpmyadmin\", rpm:\"phpmyadmin~4.4.15.5~1.2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562"], "description": "This host is installed with phpMyAdmin\n and is prone to multiple vulnerabilities.", "modified": "2018-10-24T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310807593", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807593", "type": "openvas", "title": "phpMyAdmin Multiple Vulnerabilities -01 May16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln01_may16_lin.nasl 12051 2018-10-24 09:14:54Z asteins $\n#\n# phpMyAdmin Multiple Vulnerabilities -01 May16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807593\");\n script_version(\"$Revision: 12051 $\");\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2562\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 11:14:54 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 12:12:08 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"phpMyAdmin Multiple Vulnerabilities -01 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An input validation error in format function in\n 'libraries/sql-parser/src/Utils/Error.php' script in the SQL parser.\n\n - The checkHTTP function in 'libraries/Config.class.php' script\n does not verify X.509 certificates from api.github.com SSL servers.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to inject arbitrary web script or HTML and man-in-the-middle\n attackers to spoof these servers and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.5.x before 4.5.5.1\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 4.5.5.1 or\n later or apply patch from the link mentioned in reference.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-10\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-13\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif(phpVer =~ \"^(4\\.5)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.5.5.1\"))\n {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"4.5.5.1\");\n security_message(port:phpPort, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2559", "CVE-2016-2562"], "description": "This host is installed with phpMyAdmin\n and is prone to multiple vulnerabilities.", "modified": "2018-10-29T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310807592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807592", "type": "openvas", "title": "phpMyAdmin Multiple Vulnerabilities -01 May16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln01_may16_win.nasl 12149 2018-10-29 10:48:30Z asteins $\n#\n# phpMyAdmin Multiple Vulnerabilities -01 May16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807592\");\n script_version(\"$Revision: 12149 $\");\n script_cve_id(\"CVE-2016-2559\", \"CVE-2016-2562\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 12:12:08 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"phpMyAdmin Multiple Vulnerabilities -01 May16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An input validation error in format function in\n 'libraries/sql-parser/src/Utils/Error.php' script in the SQL parser.\n\n - The checkHTTP function in 'libraries/Config.class.php' script\n does not verify X.509 certificates from api.github.com SSL servers.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to inject arbitrary web script or HTML and man-in-the-middle\n attackers to spoof these servers and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.5.x before 4.5.5.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 4.5.5.1 or\n later or apply patch from the link mentioned in reference.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-10\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-13\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif(phpVer =~ \"^(4\\.5)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.5.5.1\"))\n {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"4.5.5.1\");\n security_message(port:phpPort, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2561"], "description": "This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.", "modified": "2018-11-21T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310807594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807594", "type": "openvas", "title": "phpMyAdmin Multiple XSS Vulnerabilities -01 May16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln01_may16_win.nasl 12455 2018-11-21 09:17:27Z cfischer $\n#\n# phpMyAdmin Multiple XSS Vulnerabilities -01 May16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807594\");\n script_version(\"$Revision: 12455 $\");\n script_cve_id(\"CVE-2016-2561\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-21 10:17:27 +0100 (Wed, 21 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 12:12:08 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"phpMyAdmin Multiple XSS Vulnerabilities -01 May16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An input validation error via table/column name in database normalization\n page.\n\n - An input validation error in 'templates/database/structure/sortable_header.phtml'\n script in the database structure page.\n\n - An input validation error in 'db_central_columns.php' script in the\n central columns page.\n\n - An input validation error in 'normalization.php' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to inject arbitrary web script or HTML via crafted parameters.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.4.x before 4.4.15.5\n and 4.5.x before 4.5.5.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 4.4.15.5 or\n 4.5.5.1 or later or apply patch from the link mentioned in reference.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-12\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif(phpVer =~ \"^(4\\.5)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.5.5.1\"))\n {\n fix = \"4.5.5.1\";\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^(4\\.4)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.4.15.5\"))\n {\n fix = \"4.4.15.5\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2561"], "description": "This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310807595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807595", "type": "openvas", "title": "phpMyAdmin Multiple XSS Vulnerabilities -01 May16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln01_may16_lin.nasl 11961 2018-10-18 10:49:40Z asteins $\n#\n# phpMyAdmin Multiple XSS Vulnerabilities -01 May16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807595\");\n script_version(\"$Revision: 11961 $\");\n script_cve_id(\"CVE-2016-2561\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 12:49:40 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 12:12:08 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"phpMyAdmin Multiple XSS Vulnerabilities -01 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An input validation error via table/column name in database normalization\n page.\n\n - An input validation error in 'templates/database/structure/sortable_header.phtml'\n script in the database structure page.\n\n - An input validation error in 'db_central_columns.php' script in the\n central columns page.\n\n - An input validation error in 'normalization.php' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to inject arbitrary web script or HTML via crafted parameters.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.4.x before 4.4.15.5\n and 4.5.x before 4.5.5.1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 4.4.15.5 or\n 4.5.5.1 or later or apply patch from the link mentioned in reference.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-12\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif(phpVer =~ \"^(4\\.5)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.5.5.1\"))\n {\n fix = \"4.5.5.1\";\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^(4\\.4)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.4.15.5\"))\n {\n fix = \"4.4.15.5\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2560"], "description": "This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.", "modified": "2018-11-12T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310807596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807596", "type": "openvas", "title": "phpMyAdmin Multiple XSS Vulnerabilities -02 May16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln02_may16_lin.nasl 12313 2018-11-12 08:53:51Z asteins $\n#\n# phpMyAdmin Multiple XSS Vulnerabilities -02 May16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807596\");\n script_version(\"$Revision: 12313 $\");\n script_cve_id(\"CVE-2016-2560\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 09:53:51 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 12:12:08 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"phpMyAdmin Multiple XSS Vulnerabilities -02 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An input validation error via Host HTTP header, related to\n 'libraries/Config.class.php' script.\n\n - An input validation error via JSON data, related to 'file_echo.php' script.\n\n - An input validation error related to SQL query in 'js/functions.js script'.\n\n - An input validation error via the initial parameter to\n 'libraries/server_privileges.lib.php' script in the user accounts page.\n\n - An input validation error via a parameter to\n 'libraries/controllers/TableSearchController.class.php' script in the\n zoom search page.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to inject arbitrary web script or HTML via crafted parameters.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.0.x before 4.0.10.15,\n 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 4.0.10.15 or\n 4.4.15.5 or 4.5.5.1 or later or apply patch from the link mentioned in reference.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-11\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\n\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif(phpVer =~ \"^(4\\.0)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.0.10.15\"))\n {\n fix = \"4.0.10.15\";\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^(4\\.5)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.5.5.1\"))\n {\n fix = \"4.5.5.1\";\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^(4\\.4)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.4.15.5\"))\n {\n fix = \"4.4.15.5\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2560"], "description": "This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.", "modified": "2018-10-24T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310807597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807597", "type": "openvas", "title": "phpMyAdmin Multiple XSS Vulnerabilities -02 May16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln02_may16_win.nasl 12051 2018-10-24 09:14:54Z asteins $\n#\n# phpMyAdmin Multiple XSS Vulnerabilities -02 May16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807597\");\n script_version(\"$Revision: 12051 $\");\n script_cve_id(\"CVE-2016-2560\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 11:14:54 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 12:12:08 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"phpMyAdmin Multiple XSS Vulnerabilities -02 May16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyAdmin\n and is prone to multiple xss vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An input validation error via Host HTTP header, related to\n 'libraries/Config.class.php' script.\n\n - An input validation error via JSON data, related to 'file_echo.php' script.\n\n - An input validation error related to SQL query in 'js/functions.js script'.\n\n - An input validation error via the initial parameter to\n 'libraries/server_privileges.lib.php' script in the user accounts page.\n\n - An input validation error via a parameter to\n 'libraries/controllers/TableSearchController.class.php' script in the\n zoom search page.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to inject arbitrary web script or HTML via crafted parameters.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.0.x before 4.0.10.15,\n 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to phpMyAdmin version 4.0.10.15 or\n 4.4.15.5 or 4.5.5.1 or later or apply patch from the link mentioned in reference.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-11\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\n\n\nif(!phpPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!phpVer = get_app_version(cpe:CPE, port:phpPort)) exit(0);\n\nif(phpVer =~ \"^(4\\.0)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.0.10.15\"))\n {\n fix = \"4.0.10.15\";\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^(4\\.5)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.5.5.1\"))\n {\n fix = \"4.5.5.1\";\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^(4\\.4)\")\n{\n if(version_is_less(version:phpVer, test_version:\"4.4.15.5\"))\n {\n fix = \"4.4.15.5\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:28:05", "description": "Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.", "edition": 4, "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-03-01T11:59:00", "title": "CVE-2016-2559", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2559"], "modified": "2016-12-03T03:25:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.5.5", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1"], "id": "CVE-2016-2559", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2559", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:05", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-03-01T11:59:00", "title": "CVE-2016-2561", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2561"], "modified": "2016-12-03T03:25:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.5.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.10", "cpe:/a:phpmyadmin:phpmyadmin:4.4.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.9", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.8", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.12", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.11", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1"], "id": "CVE-2016-2561", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2561", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:05", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-03-01T11:59:00", "title": "CVE-2016-2560", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2560"], "modified": "2016-12-03T03:25:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.5.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.10", "cpe:/a:phpmyadmin:phpmyadmin:4.4.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.9", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.13", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.11", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.9", "cpe:/a:phpmyadmin:phpmyadmin:4.0.6", "cpe:/a:phpmyadmin:phpmyadmin:4.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15", "cpe:/a:phpmyadmin:phpmyadmin:4.0.9", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.8", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.8", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.10", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.12", "cpe:/a:phpmyadmin:phpmyadmin:4.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10", "cpe:/a:phpmyadmin:phpmyadmin:4.0.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.8", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.6", "cpe:/a:phpmyadmin:phpmyadmin:4.4.12", "cpe:/a:phpmyadmin:phpmyadmin:4.0.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.14", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.11", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1"], "id": "CVE-2016-2560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2560", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:05", "description": "The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-03-01T11:59:00", "title": "CVE-2016-2562", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2562"], "modified": "2016-12-03T03:25:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.5.5", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.2", "cpe:/a:phpmyadmin:phpmyadmin:4.5.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0", "cpe:/a:phpmyadmin:phpmyadmin:4.5.3", "cpe:/a:phpmyadmin:phpmyadmin:4.5.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.5.0.1"], "id": "CVE-2016-2562", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2562", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3.1:*:*:*:*:*:*:*"]}], "phpmyadmin": [{"lastseen": "2019-05-29T19:30:59", "bulletinFamily": "software", "cvelist": ["CVE-2016-2559"], "description": "## PMASA-2016-10\n\n**Announcement-ID:** PMASA-2016-10\n\n**Date:** 2016-02-25\n\n### Summary\n\nXSS vulnerability in SQL parser.\n\n### Description\n\nUsing a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page.\n\n### Severity\n\nWe consider this vulnerability to be non-critical.\n\n### Mitigation factor\n\nThis vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.\n\n### Affected Versions\n\nVersions 4.5.x (prior to 4.5.5.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.5.5.1 or newer or apply patch listed below.\n\n### References\n\nThanks to Emanuel Bronshtein [@e3amn2l](<https://twitter.com/e3amn2l>) for reporting these vulnerabilities.\n\nAssigned CVE ids: [CVE-2016-2559](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2559>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made on the 4.5 branch to fix this issue:\n\n * [3a6a9a807d99371ee126635e1a505fc1fe0df32c](<https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2016-02-25T00:00:00", "published": "2016-02-25T00:00:00", "id": "PHPMYADMIN:PMASA-2016-10", "href": "https://www.phpmyadmin.net/security/PMASA-2016-10/", "title": "XSS vulnerability in SQL parser.", "type": "phpmyadmin", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T19:31:02", "bulletinFamily": "software", "cvelist": ["CVE-2016-2561"], "description": "## PMASA-2016-12\n\n**Announcement-ID:** PMASA-2016-12\n\n**Date:** 2016-02-25\n\n### Summary\n\nMultiple XSS vulnerabilities.\n\n### Description\n\nWith a crafted table/column name it is possible to trigger an XSS attack in the database normalization page.\n\nWith a crafted parameter it is possible to trigger an XSS attack in the database structure page.\n\nWith a crafted parameter it is possible to trigger an XSS attack in central columns page.\n\n### Severity\n\nWe consider this vulnerability to be non-critical.\n\n### Mitigation factor\n\nThis vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.\n\n### Affected Versions\n\nVersions 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.4.15.5, 4.5.5.1, or newer or apply patch listed below.\n\n### References\n\nThanks to Emanuel Bronshtein [@e3amn2l](<https://twitter.com/e3amn2l>) for reporting these vulnerabilities.\n\nAssigned CVE ids: [CVE-2016-2561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made on the 4.5 branch to fix this issue:\n\n * [983faa94f161df3623ecd371d3696a1b3f91c15f](<https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f>)\n * [746240bd13b62b5956fc34389cfbdc09e1e67775](<https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775>)\n * [f33a42f1da9db943a67bda7d29f7dd91957a8e7e](<https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e>)\n * [37c34d089aa19f30d11203bb0c7f85b486424372](<https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372>)\n * [bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef](<https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef>)\n * [cc55f44a4a90147a007dee1aefa1cb529e23798b](<https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b>)\n\nThe following commits have been made on the 4.4 branch to fix this issue:\n\n * [90df124797175688a63be0d0a311210e92f09895](<https://github.com/phpmyadmin/phpmyadmin/commit/90df124797175688a63be0d0a311210e92f09895>)\n * [492fee722e3a0e5107246195a8d4665b87307800](<https://github.com/phpmyadmin/phpmyadmin/commit/492fee722e3a0e5107246195a8d4665b87307800>)\n * [8025745ff017274970435000a9011dfab1e04e98](<https://github.com/phpmyadmin/phpmyadmin/commit/8025745ff017274970435000a9011dfab1e04e98>)\n * [25e6bf3362a793abb59ecd668e9121a4c471e101](<https://github.com/phpmyadmin/phpmyadmin/commit/25e6bf3362a793abb59ecd668e9121a4c471e101>)\n * [f4d9d4c868cf0bba999a1bee8b05bbeb9f22e5f2](<https://github.com/phpmyadmin/phpmyadmin/commit/f4d9d4c868cf0bba999a1bee8b05bbeb9f22e5f2>)\n * [c539ef288eb5ca2f7810ccf7f2d471673dc63bcf](<https://github.com/phpmyadmin/phpmyadmin/commit/c539ef288eb5ca2f7810ccf7f2d471673dc63bcf>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2016-02-25T00:00:00", "published": "2016-02-25T00:00:00", "id": "PHPMYADMIN:PMASA-2016-12", "href": "https://www.phpmyadmin.net/security/PMASA-2016-12/", "title": "Multiple XSS vulnerabilities.", "type": "phpmyadmin", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T19:31:06", "bulletinFamily": "software", "cvelist": ["CVE-2016-2560"], "description": "## PMASA-2016-11\n\n**Announcement-ID:** PMASA-2016-11\n\n**Date:** 2016-02-25\n\n### Summary\n\nMultiple XSS vulnerabilities.\n\n### Description\n\nBy sending a specially crafted URL as part of the HOST header, it is possible to trigger an XSS attack.\n\nA weakness was found that allows an XSS attack with Internet Explorer versions older than 8 and Safari on Windows using a specially crafted URL.\n\nUsing a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page.\n\nUsing a crafted parameter value, it is possible to trigger an XSS attack in user accounts page.\n\nUsing a crafted parameter value, it is possible to trigger an XSS attack in zoom search page.\n\n### Severity\n\nWe consider this vulnerability to be non-critical.\n\n### Affected Versions\n\nVersions 4.0.x (prior to 4.0.10.15), 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.0.10.15, 4.4.15.4, 4.5.5.1, or newer or apply patch listed below.\n\n### References\n\nThanks to Emanuel Bronshtein [@e3amn2l](<https://twitter.com/e3amn2l>) for reporting these vulnerabilities.\n\nAssigned CVE ids: [CVE-2016-2560](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made on the 4.5 branch to fix this issue:\n\n * [7877a9c0084bf8ae15cbd8d2729b126271f682cc](<https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc>)\n * [38fa1191049ac0c626a6684eea52068dfbbb5078](<https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078>)\n * [c842a0de9288033d25404d1d6eb22dd83033675f](<https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f>)\n * [ab1283e8366c97a155d4e9ae58628a248458ea32](<https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32>)\n * [41c4e0214c286f28830cca54423b5db57e7c0ce4](<https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4>)\n\nThe following commits have been made on the 4.4 branch to fix this issue:\n\n * [5168199f76c99f8c99b30e5142fa2c1a99ee5c35](<https://github.com/phpmyadmin/phpmyadmin/commit/5168199f76c99f8c99b30e5142fa2c1a99ee5c35>)\n * [9ec0b598bd0c5a5b63e483801057ab8a22e82527](<https://github.com/phpmyadmin/phpmyadmin/commit/9ec0b598bd0c5a5b63e483801057ab8a22e82527>)\n * [081551c5890c8675c15e8507eac786a78b5cb790](<https://github.com/phpmyadmin/phpmyadmin/commit/081551c5890c8675c15e8507eac786a78b5cb790>)\n * [d0cdcf54a6a10a63cf882152a0a7430a967fa31e](<https://github.com/phpmyadmin/phpmyadmin/commit/d0cdcf54a6a10a63cf882152a0a7430a967fa31e>)\n * [07591a2b1b96ab0ee3fa6377972ed2d557af22ed](<https://github.com/phpmyadmin/phpmyadmin/commit/07591a2b1b96ab0ee3fa6377972ed2d557af22ed>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [b8f1e0f325f8f32bd82af64111d8c2e9055a363c](<https://github.com/phpmyadmin/phpmyadmin/commit/b8f1e0f325f8f32bd82af64111d8c2e9055a363c>)\n * [73c8245a3d1893a710447957e28dcfb18d9b47ad](<https://github.com/phpmyadmin/phpmyadmin/commit/73c8245a3d1893a710447957e28dcfb18d9b47ad>)\n * [0667ea8ac7519d7e642eade2686dc393d5faeae3](<https://github.com/phpmyadmin/phpmyadmin/commit/0667ea8ac7519d7e642eade2686dc393d5faeae3>)\n * [7ddce5e39a4e12cd351732955394bc7055c280eb](<https://github.com/phpmyadmin/phpmyadmin/commit/7ddce5e39a4e12cd351732955394bc7055c280eb>)\n * [fe3be9f4b9edd54dc39919e7dfeaaf4a67c1cf83](<https://github.com/phpmyadmin/phpmyadmin/commit/fe3be9f4b9edd54dc39919e7dfeaaf4a67c1cf83>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2016-02-25T00:00:00", "published": "2016-02-25T00:00:00", "id": "PHPMYADMIN:PMASA-2016-11", "href": "https://www.phpmyadmin.net/security/PMASA-2016-11/", "title": "Multiple XSS vulnerabilities.", "type": "phpmyadmin", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T19:31:08", "bulletinFamily": "software", "cvelist": ["CVE-2016-2562"], "description": "## PMASA-2016-13\n\n**Announcement-ID:** PMASA-2016-13\n\n**Date:** 2016-02-25\n\n### Summary\n\nVulnerability allowing man-in-the-middle attack on API call to GitHub.\n\n### Description\n\nA vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack.\n\n### Severity\n\nWe consider this vulnerability to be serious.\n\n### Affected Versions\n\nVersions 4.5.x (prior to 4.5.5.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.5.5.1 or newer or apply patch listed below.\n\n### References\n\nAssigned CVE ids: [CVE-2016-2562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2562>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-295](<https://cwe.mitre.org/data/definitions/295.html>)\n\n### Patches\n\nThe following commits have been made on the 4.5 branch to fix this issue:\n\n * [e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976](<https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2016-02-25T00:00:00", "published": "2016-02-25T00:00:00", "id": "PHPMYADMIN:PMASA-2016-13", "href": "https://www.phpmyadmin.net/security/PMASA-2016-13/", "title": "Vulnerability allowing man-in-the-middle attack on API call to GitHub.", "type": "phpmyadmin", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:22:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2040", "CVE-2016-5701", "CVE-2016-5731", "CVE-2016-2561", "CVE-2016-5705", "CVE-2016-1927", "CVE-2016-5099", "CVE-2016-2560", "CVE-2016-2039", "CVE-2016-5733", "CVE-2016-2041", "CVE-2016-5739", "CVE-2016-5706"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3627-1 security@debian.org\nhttps://www.debian.org/security/ Thijs Kinkhorst\nJuly 24, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : phpmyadmin\nCVE ID : CVE-2016-1927 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 \n CVE-2016-2560 CVE-2016-2561 CVE-2016-5099 CVE-2016-5701\n CVE-2016-5705 CVE-2016-5706 CVE-2016-5731 CVE-2016-5733\n CVE-2016-5739\n\nSeveral vulnerabilities have been fixed in phpMyAdmin, the web-based\nMySQL administration interface.\n\nCVE-2016-1927\n\n The suggestPassword function relied on a non-secure random number\n generator which makes it easier for remote attackers to guess\n generated passwords via a brute-force approach.\n\nCVE-2016-2039\n\n CSRF token values were generated by a non-secure random number\n genrator, which allows remote attackers to bypass intended access\n restrictions by predicting a value.\n\nCVE-2016-2040\n\n Multiple cross-site scripting (XSS) vulnerabilities allow remote\n authenticated users to inject arbitrary web script or HTML.\n\nCVE-2016-2041\n\n phpMyAdmin does not use a constant-time algorithm for comparing\n CSRF tokens, which makes it easier for remote attackers to bypass\n intended access restrictions by measuring time differences.\n\nCVE-2016-2560\n\n Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2016-2561\n\n Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2016-5099\n\n Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2016-5701\n\n For installations running on plain HTTP, phpMyAdmin allows remote\n attackers to conduct BBCode injection attacks against HTTP sessions\n via a crafted URI.\n\nCVE-2016-5705\n\n Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2016-5706\n\n phpMyAdmin allows remote attackers to cause a denial of service\n (resource consumption) via a large array in the scripts parameter.\n\nCVE-2016-5731\n\n A cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2016-5733\n\n Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2016-5739\n\n A specially crafted Transformation could leak information which\n a remote attacker could use to perform cross site request forgeries.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:4.6.3-1.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2016-07-24T16:03:48", "published": "2016-07-24T16:03:48", "id": "DEBIAN:DSA-3627-1:EBE43", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00205.html", "title": "[SECURITY] [DSA 3627-1] phpmyadmin security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-30T02:22:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2040", "CVE-2016-2038", "CVE-2016-1927", "CVE-2016-2560", "CVE-2016-2039", "CVE-2016-2041", "CVE-2016-2045"], "description": "Package : phpmyadmin\nVersion : 4:3.4.11.1-2+deb7u4\nCVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 \n CVE-2016-2041 CVE-2016-2045 CVE-2016-2560\nDebian Bug : 825301\n\nThe previous security upload broke the search pages in phpMyAdmin. This\nwas caused by a broken patch applied to fix CVE-2016-2040.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n4:3.4.11.1-2+deb7u4.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2016-05-30T18:36:40", "published": "2016-05-30T18:36:40", "id": "DEBIAN:DLA-481-2:3E1D6", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00048.html", "title": "[SECURITY] [DLA 481-2] phpmyadmin regression update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-08-12T00:51:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2040", "CVE-2016-2038", "CVE-2016-1927", "CVE-2016-2560", "CVE-2016-2039", "CVE-2016-2041", "CVE-2016-2045"], "description": "Package : phpmyadmin\nVersion : 4:3.4.11.1-2+deb7u3\nCVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 \n CVE-2016-2041 CVE-2016-2045 CVE-2016-2560\n\nThis security update fixes a number of security issues in\nphpMyAdmin. We recommend you upgrade your phpmyadmin packages.\n\nCVE-2016-1927\n\n suggestPassword generates weak passphrases\n\nCVE-2016-2038\n\n information disclosure via crafted requests\n\nCVE-2016-2039\n\n weak CSRF token values\n\nCVE-2016-2040\n\n XSS vulnerabilities in authenticated users\n\nCVE-2016-2041\n\n information breach in CSRF token comparison\n\nCVE-2016-2045\n\n XSS injection via crafted SQL queries\n\nCVE-2016-2560\n \n XSS injection\n\nFurther information about Debian LTS security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 6, "modified": "2016-05-18T18:59:39", "published": "2016-05-18T18:59:39", "id": "DEBIAN:DLA-481-1:91517", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00033.html", "title": "[SECURITY] [DLA 481-1] phpmyadmin security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
