Multiple XSS vulnerabilities

PMASA-2016-30

Announcement-ID: PMASA-2016-30

Date: 2016-07-07

Updated: 2016-11-24

Summary

Multiple XSS vulnerabilities

Description

Multiple vulnerabilities have been discovered in the following areas of phpMyAdmin:

• Zoom search: Specially crafted column content can be used to trigger an XSS attack
• GIS editor: Certain fields in the graphical GIS editor at not properly escaped and can be used to trigger an XSS attack
• Relation view
• The following Transformations:
  • Formatted
  • Imagelink
  • JPEG: Upload
  • RegexValidation
  • JPEG inline
  • PNG inline
  • transformation wrapper
• XML export
• MediaWiki export
• Designer
• When the MySQL server is running with a specially-crafted log_bin directive
• Database tab
• Replication feature
• Database search

Updated on 2016-11-24: Fixed list of commits.

Severity

We consider these vulnerabilities to be of moderate severity.

Affected Versions

All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected

Solution

Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below.

References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-6607

CWE ids: CWE-661

Patches

The following commits have been made on the 4.0 branch to fix this issue:

• 6cbbcdb719829075aaa2d5a91828831dbf1d74e1
• a416cbe6c7dd14b843f4ceed6d17be112ad4aad6
• 31546255f3ba8c8f2fc1e001aabff2da4054d293
• 4caa90a8324c928da3e6050f20736dbcbeaf1627
• a3953f88ef5ab287718bf73c454733947ce52128
• a9005b20bcb81b1e2007ab69c6bd67a3679d56b3
• fec9b98a22afd6e484e584c71990cc1325e96f2c
• e9a4de70a769312d3dce61b69f65015cdd2c4681
• 7de139b90ca6926d9ec06c2684ef8877a01b5ed7
• 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da
• 09a427b288cbbd1508a055a5594f906c22a60dec
• 04156efeb02ade052e46e09c93c74b95e2da9175

The following commits have been made on the 4.4 branch to fix this issue:

• 1dc9c7d1fca15c3f6170729429912b88e513e970
• 6f3cd526e3e6acd655899c6edccb92cdcb62a493
• 63af274953f7047bae39bc4d2aa59bd450cf9f05
• f6af4f32cd4112d774d823e236982a218569d13c
• 1c62be26242489ca30357a8fe423b708c5659059
• 4062df92df1ef0f3c548807da3b6c7b63d2f74d6
• c3f6c8e5c834bef2d6d0577fe7251969e423639c
• b1801af0c118e4a47a54968c7e1236cd39c670af
• fd8cdd79333e5ab47d395f5f5178faaaf795d39e
• 5d427d65089af5106ae0e306379d99b6d3c51764
• 76b5dd2948bd114e2468afd375b3e9a6bbc30059
• fac2bb1f7050c44af405b23b2cbab9822857914e
• 566a6885e82aa54f25843664443b11ca45c106bc
• fb0e7ea4b4f795946f6b723dd8086594aed49d5e
• 5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3

The following commits have been made on the 4.6 branch to fix this issue:

• cbba4f4fdb18ad071e3d515a0e96067939d3352b
• 987cce0bcf2f0ba9b705638343872f56283a0508
• 0bf21ebf720a552c8e727a6cca1c653e20c3160a
• dc899d8e7584b6bfb104d66668527e9609a80b36
• c3310536b2896a12dab3e0f7715c7e693221de25
• cc6853538cec697b67e03fbfef2e5f2c7ebc481f
• 126321da378cf14165f845309446be410470229b
• bde4ef735b0620f8b11deb21f29a79d9942a98ce
• 1ed4007689ebbb6b6a08a242025382d0f8d347b1
• 80b03a4f1629957c4b3f22288147e5ed8495856b
• 6da13e2a1cbcd204617ab140ab70e08258473e33
• 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377
• 9e3492730ebf6d60dafd0283f605c6ad09f8271a
• c3a3531b61bb0c886d4d6838356c32f655a1123c
• e4be768781a6c17ece9d2d3f34f9aa0f3e2e1056

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.