OSV:DSA-2097-2
Aug 29, 2010 - 12:00 a.m.

phpmyadmin - several vulnerabilities

2010-08-29 00:00:00
Google
osv.dev

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:

  • CVE-2010-3055
    The configuration setup script does not properly sanitise its output
    file, which allows remote attackers to execute arbitrary PHP code via
    a crafted POST request. In Debian, the setup tool is protected through
    Apache HTTP basic authentication by default.
  • CVE-2010-3056
    Various cross-site scripting issues have been discovered that allow
    a remote attacker to inject arbitrary web script or HTML.

For the stable distribution (lenny), these problems have been fixed in
version 2.11.8.1-5+lenny5.

For the testing (squeeze) and unstable distribution (sid), these problems
have been fixed in version 3.3.5.1-1.

We recommend that you upgrade your phpmyadmin package.
