Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
phpmyadminPhpMyAdminPHPMYADMIN:PMASA-2008-2
HistoryMar 29, 2008 - 12:00 a.m.

Credentials disclosure on shared hosts via session data

2008-03-2900:00:00
www.phpmyadmin.net
6

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.5%

JSON

PMASA-2008-2

Announcement-ID: PMASA-2008-2

Date: 2008-03-29

Summary

Credentials disclosure on shared hosts via session data

Description

We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.

Severity

We consider this vulnerability to be serious.

Affected Versions

Versions before 2.11.5.1.

Solution

Upgrade to phpMyAdmin 2.11.5.1 or newer.

References

Assigned CVE ids: CVE-2008-1567

CWE ids: CWE-661 CWE-522

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle2.11.5.1.

Related

openvas 10
debiancve 1
nessus 7
cve 1
redhatcve 1
prion 1
ubuntucve 1
freebsd 1
fedora 2
securityvulns 2
osv 1
debian 1
openvas
openvas
FreeBSD Ports: phpmyadmin
2008-09-04 00:00:00
FreeBSD Ports: phpmyadmin
2008-09-04 00:00:00
Fedora Update for phpMyAdmin FEDORA-2008-2825
2009-02-16 00:00:00
debiancve
debiancve
CVE-2008-1567
2008-03-31 22:44:00
nessus
nessus
Fedora 7 : phpMyAdmin-2.11.5.1-1.fc7 (2008-2874)
2008-04-04 00:00:00
Fedora 8 : phpMyAdmin-2.11.5.1-1.fc8 (2008-2825)
2008-04-04 00:00:00
FreeBSD : phpmyadmin -- Username/Password Session File Information Disclosure (6eb1dc51-1244-11dd-bab7-0016179b2dd5)
2008-04-28 00:00:00
cve
cve
CVE-2008-1567
2008-03-31 22:44:00
redhatcve
redhatcve
CVE-2008-1567
2019-10-04 19:40:39
prion
prion
Information disclosure
2008-03-31 22:44:00
ubuntucve
ubuntucve
CVE-2008-1567
2008-03-31 00:00:00
freebsd
freebsd
phpmyadmin -- Username/Password Session File Information Disclosure
2008-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.5.1-1.fc8
2008-04-01 21:34:55
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.5.1-1.fc7
2008-04-01 21:39:15
securityvulns
securityvulns
[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities
2008-04-27 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-04-27 00:00:00
osv
osv
phpmyadmin - several vulnerabilities
2008-04-24 00:00:00
debian
debian
[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities
2008-04-24 20:32:28

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.5%

JSON
Related for PHPMYADMIN:PMASA-2008-2
openvas10debiancve1nessus7cve1redhatcve1prion1ubuntucve1freebsd1fedora2securityvulns2osv1debian1