ID PHPMYADMIN:PMASA-2019-5 Type phpmyadmin Reporter phpMyAdmin Modified 2019-10-28T00:00:00
Description
PMASA-2019-5
Announcement-ID: PMASA-2019-5
Date: 2019-10-28
Summary
SQL injection in Designer feature
Description
A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
This is similar to PMASA-2019-2 and PMASA-2019-3, but has affected different versions.
Severity
We consider this vulnerability to be serious
Affected Versions
phpMyAdmin versions prior to 4.9.2 are affected, at least as old as 4.7.7.
Solution
Upgrade to phpMyAdmin 4.9.2 or newer or apply this patch for versions older than 4.9.2: https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912
References
Thanks to phpMyAdmin team member William Desportes for finding this vulnerability.
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
{"id": "PHPMYADMIN:PMASA-2019-5", "bulletinFamily": "software", "title": "SQL injection in Designer feature", "description": "## PMASA-2019-5\n\n**Announcement-ID:** PMASA-2019-5\n\n**Date:** 2019-10-28\n\n### Summary\n\nSQL injection in Designer feature\n\n### Description\n\nA vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.\n\nThis is similar to PMASA-2019-2 and PMASA-2019-3, but has affected different versions.\n\n### Severity\n\nWe consider this vulnerability to be serious\n\n### Affected Versions\n\nphpMyAdmin versions prior to 4.9.2 are affected, at least as old as 4.7.7.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.9.2 or newer or apply this patch for versions older than 4.9.2: https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912\n\n### References\n\nThanks to phpMyAdmin team member [William Desportes](<https://william.wdes.fr/?from=PMASA-2019-5>) for finding this vulnerability.\n\nAssigned CVE ids: [CVE-2019-18622](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [ff541af95d7155d8dd326f331b5e248fea8e7111](<https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "published": "2019-10-28T00:00:00", "modified": "2019-10-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.phpmyadmin.net/security/PMASA-2019-5/", "reporter": "phpMyAdmin", "references": [], "cvelist": ["CVE-2019-18622"], "type": "phpmyadmin", "lastseen": "2019-12-04T13:26:11", "edition": 4, "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-18622"]}, {"type": "symantec", "idList": ["SMNTC-110952"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0056-1", "OPENSUSE-SU-2019:2599-1"]}, {"type": "fedora", "idList": ["FEDORA:3065560477E6", "FEDORA:71B806075F0D"]}, {"type": "nessus", "idList": ["PHPMYADMIN_PMASA_2019_5.NASL", "FEDORA_2019-DB68AE1FCA.NASL", "GENTOO_GLSA-202003-39.NASL", "FEDORA_2019-8F55B515F1.NASL", "OPENSUSE-2020-56.NASL", "OPENSUSE-2019-2599.NASL"]}, {"type": "gentoo", "idList": ["GLSA-202003-39"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143167", "OPENVAS:1361412562310877059", "OPENVAS:1361412562310877199", "OPENVAS:1361412562310852796", "OPENVAS:1361412562310143168"]}, {"type": "github", "idList": ["GHSA-JGJC-332C-8CMC"]}, {"type": "typo3", "idList": ["TYPO3-EXT-SA-2020-001"]}], "modified": "2019-12-04T13:26:11", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2019-12-04T13:26:11", "rev": 2}, "vulnersScore": 5.5}, "affectedSoftware": [{"name": "phpmyadmin", "operator": "le", "version": "4.9.2"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T21:41:48", "description": "An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.", "edition": 10, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-22T21:15:00", "title": "CVE-2019-18622", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18622"], "modified": "2020-01-14T22:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:opensuse:leap:15.1", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2019-18622", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18622", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2019-11-25T14:56:04", "bulletinFamily": "software", "cvelist": ["CVE-2019-18622"], "description": "### Description\n\nphpMyAdmin is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. phpMyAdmin versions prior to 4.9.2 are vulnerable.\n\n### Technologies Affected\n\n * phpMyAdmin phpMyAdmin 4.7.7 \n * phpMyAdmin phpMyAdmin 4.7.8 \n * phpMyAdmin phpMyAdmin 4.8.0 \n * phpMyAdmin phpMyAdmin 4.8.1 \n * phpMyAdmin phpMyAdmin 4.8.2 \n * phpMyAdmin phpMyAdmin 4.8.3 \n * phpMyAdmin phpMyAdmin 4.8.4 \n * phpMyAdmin phpMyAdmin 4.8.5 \n * phpMyAdmin phpMyAdmin 4.8.6 \n * phpMyAdmin phpMyAdmin 4.9.0 \n * phpMyAdmin phpMyAdmin 4.9.1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nNIDS may identify and block generic attacks against web applications. Detecting and filtering SQL statements may reduce the likelihood of successful exploits.\n\n**Modify default ACL settings.** \nImplement database access control to limit the immediate impact of such vulnerabilities on the data and possibly the database itself. Ensure that applications are isolated from one another and from sensitive data through separate user accounts and restrictive ACL configurations.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-28T00:00:00", "published": "2019-10-28T00:00:00", "id": "SMNTC-110952", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110952", "type": "symantec", "title": "phpMyAdmin CVE-2019-18622 SQL Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2019-12-01T17:24:53", "bulletinFamily": "unix", "cvelist": ["CVE-2019-18622"], "description": "This update for phpMyAdmin fixes the following issues:\n\n phpMyAdmin was updated to 4.9.2:\n\n * CVE-2019-18622: SQL injection in Designer feature (boo#1157614)\n * Fixes for "Failed to set session cookie" error\n * Advisor with MySQL 8.0.3 and newer\n * Fix PHP deprecation errors\n * Fix a situation where exporting users after a delete query could remove\n users\n * Fix incorrect "You do not have privileges to manipulate with the users!"\n warning\n * Fix copying a database's privileges and several other problems moving\n columns with MariaDB\n * Fix for phpMyAdmin not selecting all the values when using shift-click\n to select during Export\n\n", "edition": 1, "modified": "2019-12-01T15:10:58", "published": "2019-12-01T15:10:58", "id": "OPENSUSE-SU-2019:2599-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html", "title": "Security update for phpMyAdmin (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-15T00:25:00", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12922", "CVE-2020-5504", "CVE-2019-18622"], "description": "This update for phpMyAdmin to version 4.9.4 fixes the following issues:\n\n - CVE-2020-5504: SQL injection in user accounts page (boo#1160456).\n\n", "edition": 1, "modified": "2020-01-14T21:16:59", "published": "2020-01-14T21:16:59", "id": "OPENSUSE-SU-2020:0056-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "title": "Security update for phpMyAdmin (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-18622"], "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, index es, users, permissions), while you still have the ability to directly execute a ny SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execu te, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument T ext and Spreadsheet, Word, Excel, LATEX and others, administering multiple serv ers, creating PDF graphics of your database layout, creating complex queries usi ng Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined function s, like displaying BLOB-data as image or download-link and much more... ", "modified": "2019-12-01T01:04:25", "published": "2019-12-01T01:04:25", "id": "FEDORA:71B806075F0D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.2-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-18622"], "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, index es, users, permissions), while you still have the ability to directly execute a ny SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execu te, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument T ext and Spreadsheet, Word, Excel, LATEX and others, administering multiple serv ers, creating PDF graphics of your database layout, creating complex queries usi ng Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined function s, like displaying BLOB-data as image or download-link and much more... ", "modified": "2019-12-01T00:46:53", "published": "2019-12-01T00:46:53", "id": "FEDORA:3065560477E6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: phpMyAdmin-4.9.2-1.fc31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T02:25:05", "description": "Upstream announcement :\n\n**phpMyAdmin 4.9.2 is released**\n\n2019-11-22\n\nWelcome to phpMyAdmin 4.9.2, a bugfix release that also contains a\nsecurity fix.\n\nThis security fix is part of an ongoing effort to improve the security\nof the Designer feature and is designated **PMASA-2019-5**. There is\nalso an improvement for how we sanitize Git version information shown\non the home page, thanks to Ali Hubail.\n\nThis release includes fixes for many bugs, including :\n\n - Fixes for the 'Failed to set session cookie' error which\n relates to the cookie name. In some cases, data stored\n in the cookie (such as the previously-used user account)\n may not be loaded from a previous phpMyAdmin cookie the\n first time you run version 4.9.2\n\n - Fix for Advisor with MySQL 8.0.3 and newer\n\n - Fix PHP deprecation errors\n\n - Fix a situation where exporting users after a delete\n query could remove users\n\n - Fix incorrect 'You do not have privileges to manipulate\n with the users!' warning\n\n - Fix copying a database's privileges and several other\n problems moving columns with MariaDB\n\n - Fix for phpMyAdmin not selecting all the values when\n using shift-click to select during Export\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers and other contributors.\n\nThe phpMyAdmin team\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-03T00:00:00", "title": "Fedora 30 : phpMyAdmin (2019-8f55b515f1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2019-8F55B515F1.NASL", "href": "https://www.tenable.com/plugins/nessus/131454", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-8f55b515f1.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131454);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-18622\");\n script_xref(name:\"FEDORA\", value:\"2019-8f55b515f1\");\n\n script_name(english:\"Fedora 30 : phpMyAdmin (2019-8f55b515f1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream announcement :\n\n**phpMyAdmin 4.9.2 is released**\n\n2019-11-22\n\nWelcome to phpMyAdmin 4.9.2, a bugfix release that also contains a\nsecurity fix.\n\nThis security fix is part of an ongoing effort to improve the security\nof the Designer feature and is designated **PMASA-2019-5**. There is\nalso an improvement for how we sanitize Git version information shown\non the home page, thanks to Ali Hubail.\n\nThis release includes fixes for many bugs, including :\n\n - Fixes for the 'Failed to set session cookie' error which\n relates to the cookie name. In some cases, data stored\n in the cookie (such as the previously-used user account)\n may not be loaded from a previous phpMyAdmin cookie the\n first time you run version 4.9.2\n\n - Fix for Advisor with MySQL 8.0.3 and newer\n\n - Fix PHP deprecation errors\n\n - Fix a situation where exporting users after a delete\n query could remove users\n\n - Fix incorrect 'You do not have privileges to manipulate\n with the users!' warning\n\n - Fix copying a database's privileges and several other\n problems moving columns with MariaDB\n\n - Fix for phpMyAdmin not selecting all the values when\n using shift-click to select during Export\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers and other contributors.\n\nThe phpMyAdmin team\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f55b515f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"phpMyAdmin-4.9.2-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:27:49", "description": "Upstream announcement :\n\n**phpMyAdmin 4.9.2 is released**\n\n2019-11-22\n\nWelcome to phpMyAdmin 4.9.2, a bugfix release that also contains a\nsecurity fix.\n\nThis security fix is part of an ongoing effort to improve the security\nof the Designer feature and is designated **PMASA-2019-5**. There is\nalso an improvement for how we sanitize Git version information shown\non the home page, thanks to Ali Hubail.\n\nThis release includes fixes for many bugs, including :\n\n - Fixes for the 'Failed to set session cookie' error which\n relates to the cookie name. In some cases, data stored\n in the cookie (such as the previously-used user account)\n may not be loaded from a previous phpMyAdmin cookie the\n first time you run version 4.9.2\n\n - Fix for Advisor with MySQL 8.0.3 and newer\n\n - Fix PHP deprecation errors\n\n - Fix a situation where exporting users after a delete\n query could remove users\n\n - Fix incorrect 'You do not have privileges to manipulate\n with the users!' warning\n\n - Fix copying a database's privileges and several other\n problems moving columns with MariaDB\n\n - Fix for phpMyAdmin not selecting all the values when\n using shift-click to select during Export\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers and other contributors.\n\nThe phpMyAdmin team\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-03T00:00:00", "title": "Fedora 31 : phpMyAdmin (2019-db68ae1fca)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:31", "p-cpe:/a:fedoraproject:fedora:phpMyAdmin"], "id": "FEDORA_2019-DB68AE1FCA.NASL", "href": "https://www.tenable.com/plugins/nessus/131461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-db68ae1fca.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131461);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-18622\");\n script_xref(name:\"FEDORA\", value:\"2019-db68ae1fca\");\n\n script_name(english:\"Fedora 31 : phpMyAdmin (2019-db68ae1fca)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream announcement :\n\n**phpMyAdmin 4.9.2 is released**\n\n2019-11-22\n\nWelcome to phpMyAdmin 4.9.2, a bugfix release that also contains a\nsecurity fix.\n\nThis security fix is part of an ongoing effort to improve the security\nof the Designer feature and is designated **PMASA-2019-5**. There is\nalso an improvement for how we sanitize Git version information shown\non the home page, thanks to Ali Hubail.\n\nThis release includes fixes for many bugs, including :\n\n - Fixes for the 'Failed to set session cookie' error which\n relates to the cookie name. In some cases, data stored\n in the cookie (such as the previously-used user account)\n may not be loaded from a previous phpMyAdmin cookie the\n first time you run version 4.9.2\n\n - Fix for Advisor with MySQL 8.0.3 and newer\n\n - Fix PHP deprecation errors\n\n - Fix a situation where exporting users after a delete\n query could remove users\n\n - Fix incorrect 'You do not have privileges to manipulate\n with the users!' warning\n\n - Fix copying a database's privileges and several other\n problems moving columns with MariaDB\n\n - Fix for phpMyAdmin not selecting all the values when\n using shift-click to select during Export\n\nThere are many, many more bug fixes thanks to the efforts of our\ndevelopers and other contributors.\n\nThe phpMyAdmin team\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-db68ae1fca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"phpMyAdmin-4.9.2-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-26T08:43:03", "description": "The remote host is affected by the vulnerability described in GLSA-202003-39\n(phpMyAdmin: SQL injection)\n\n PhpMyAdmin was vulnerable to a SQL injection attack through the\n designer feature.\n \nImpact :\n\n An authenticated remote attacker, by specifying a specially crafted\n database/table name, could trigger a SQL injection attack.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-20T00:00:00", "title": "GLSA-202003-39 : phpMyAdmin: SQL injection", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "modified": "2020-03-20T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:phpmyadmin"], "id": "GENTOO_GLSA-202003-39.NASL", "href": "https://www.tenable.com/plugins/nessus/134725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202003-39.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134725);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/24\");\n\n script_cve_id(\"CVE-2019-18622\");\n script_xref(name:\"GLSA\", value:\"202003-39\");\n\n script_name(english:\"GLSA-202003-39 : phpMyAdmin: SQL injection\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-202003-39\n(phpMyAdmin: SQL injection)\n\n PhpMyAdmin was vulnerable to a SQL injection attack through the\n designer feature.\n \nImpact :\n\n An authenticated remote attacker, by specifying a specially crafted\n database/table name, could trigger a SQL injection attack.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2019-5/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202003-39\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.9.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 4.9.2\"), vulnerable:make_list(\"lt 4.9.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:54:59", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is at least\n4.7.7 and prior to 4.9.2. It is, therefore, affected by a SQL injection (SQLi) vulnerability. A remote attacker can\nexploit this by using a crafted database or table name in the designer feature.\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's\nself-reported version number.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-26T00:00:00", "title": "phpMyAdmin 4.7.7 < 4.9.2 SQLi (PMASA-2019-5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2019_5.NASL", "href": "https://www.tenable.com/plugins/nessus/131319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131319);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2019-18622\");\n\n script_name(english:\"phpMyAdmin 4.7.7 < 4.9.2 SQLi (PMASA-2019-5)\");\n script_summary(english:\"Checks the version of phpMyAdmin.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by a SQL injection vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is at least\n4.7.7 and prior to 4.9.2. It is, therefore, affected by a SQL injection (SQLi) vulnerability. A remote attacker can\nexploit this by using a crafted database or table name in the designer feature.\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's\nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-5/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.9.2 or later.\nAlternatively, apply the patches referenced in the vendor advisories.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18622\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nport = get_http_port(default:80, php:TRUE);\nappname = 'phpMyAdmin';\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nconstraints = [{'min_version':'4.7.7', 'fixed_version':'4.9.2'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{sqli:TRUE});\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-24T09:17:10", "description": "This update for phpMyAdmin fixes the following issues :\n\nphpMyAdmin was updated to 4.9.2 :\n\n - CVE-2019-18622: SQL injection in Designer feature\n (boo#1157614)\n\n - Fixes for 'Failed to set session cookie' error \n\n - Advisor with MySQL 8.0.3 and newer\n\n - Fix PHP deprecation errors\n\n - Fix a situation where exporting users after a delete\n query could remove users\n\n - Fix incorrect 'You do not have privileges to manipulate\n with the users!' warning\n\n - Fix copying a database's privileges and several other\n problems moving columns with MariaDB\n\n - Fix for phpMyAdmin not selecting all the values when\n using shift-click to select during Export", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-03T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2019-2599)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "modified": "2019-12-03T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "OPENSUSE-2019-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/131542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2599.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131542);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2019-18622\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2019-2599)\");\n script_summary(english:\"Check for the openSUSE-2019-2599 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for phpMyAdmin fixes the following issues :\n\nphpMyAdmin was updated to 4.9.2 :\n\n - CVE-2019-18622: SQL injection in Designer feature\n (boo#1157614)\n\n - Fixes for 'Failed to set session cookie' error \n\n - Advisor with MySQL 8.0.3 and newer\n\n - Fix PHP deprecation errors\n\n - Fix a situation where exporting users after a delete\n query could remove users\n\n - Fix incorrect 'You do not have privileges to manipulate\n with the users!' warning\n\n - Fix copying a database's privileges and several other\n problems moving columns with MariaDB\n\n - Fix for phpMyAdmin not selecting all the values when\n using shift-click to select during Export\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157614\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"phpMyAdmin-4.9.2-lp151.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:31:00", "description": "This update for phpMyAdmin to version 4.9.4 fixes the following \nissues :\n\n - CVE-2020-5504: SQL injection in user accounts page\n (boo#1160456).", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-15T00:00:00", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2020-56)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12922", "CVE-2020-5504", "CVE-2019-18622"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:phpMyAdmin"], "id": "OPENSUSE-2020-56.NASL", "href": "https://www.tenable.com/plugins/nessus/132917", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-56.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132917);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2019-12922\", \"CVE-2019-18622\", \"CVE-2020-5504\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2020-56)\");\n script_summary(english:\"Check for the openSUSE-2020-56 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for phpMyAdmin to version 4.9.4 fixes the following \nissues :\n\n - CVE-2020-5504: SQL injection in user accounts page\n (boo#1160456).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160456\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"phpMyAdmin-4.9.4-lp151.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2020-03-19T20:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-18622"], "description": "### Background\n\nphpMyAdmin is a web-based management tool for MySQL databases.\n\n### Description\n\nPhpMyAdmin was vulnerable to an SQL injection attack through the designer feature. \n\n### Impact\n\nAn authenticated remote attacker, by specifying a specially crafted database/table name, could trigger an SQL injection attack. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll phpMyAdmin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-4.9.2\"", "edition": 1, "modified": "2020-03-19T00:00:00", "published": "2020-03-19T00:00:00", "id": "GLSA-202003-39", "href": "https://security.gentoo.org/glsa/202003-39", "title": "phpMyAdmin: SQL injection", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-31T16:54:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-12-02T00:00:00", "id": "OPENVAS:1361412562310852796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852796", "type": "openvas", "title": "openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2019:2599-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852796\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-18622\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-02 03:00:48 +0000 (Mon, 02 Dec 2019)\");\n script_name(\"openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2019:2599-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2599-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the openSUSE-SU-2019:2599-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for phpMyAdmin fixes the following issues:\n\n phpMyAdmin was updated to 4.9.2:\n\n * CVE-2019-18622: SQL injection in Designer feature (boo#1157614)\n\n * Fixes for 'Failed to set session cookie' error\n\n * Advisor with MySQL 8.0.3 and newer\n\n * Fix PHP deprecation errors\n\n * Fix a situation where exporting users after a delete query could remove\n users\n\n * Fix incorrect 'You do not have privileges to manipulate with the users!'\n warning\n\n * Fix copying a database's privileges and several other problems moving\n columns with MariaDB\n\n * Fix for phpMyAdmin not selecting all the values when using shift-click\n to select during Export\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2599=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2599=1\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2019-2599=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2019-2599=1\");\n\n script_tag(name:\"affected\", value:\"'phpMyAdmin' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.2~lp150.37.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877199", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2019-db68ae1fca", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877199\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-18622\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:31:28 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2019-db68ae1fca\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-db68ae1fca\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the FEDORA-2019-db68ae1fca advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin is a tool written in PHP intended to handle the administration of\nMySQL over the World Wide Web. Most frequently used operations are supported\nby the user interface (managing databases, tables, fields, relations, indexes,\nusers, permissions), while you still have the ability to directly execute any\nSQL statement.\n\nFeatures include an intuitive web interface, support for most MySQL features\n(browse and drop databases, tables, views, fields and indexes, create, copy,\ndrop, rename and alter databases, tables, fields and indexes, maintenance\nserver, databases and tables, with proposals on server configuration, execute,\nedit and bookmark any SQL-statement, even batch-queries, manage MySQL users\nand privileges, manage stored procedures and triggers), import data from CSV\nand SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text\nand Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,\ncreating PDF graphics of your database layout, creating complex queries using\nQuery-by-example (QBE), searching globally in a database or a subset of it,\ntransforming stored data into any format using a set of predefined functions,\nlike displaying BLOB-data as image or download-link and much more...\");\n\n script_tag(name:\"affected\", value:\"'phpMyAdmin' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.2~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T14:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18622"], "description": "The remote host is missing an update for the ", "modified": "2019-12-10T00:00:00", "published": "2019-12-04T00:00:00", "id": "OPENVAS:1361412562310877059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877059", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2019-8f55b515f1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877059\");\n script_version(\"2019-12-10T07:34:00+0000\");\n script_cve_id(\"CVE-2019-18622\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 07:34:00 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:30:46 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2019-8f55b515f1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8f55b515f1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the FEDORA-2019-8f55b515f1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin is a tool written in PHP intended to handle the administration of\nMySQL over the World Wide Web. Most frequently used operations are supported\nby the user interface (managing databases, tables, fields, relations, indexes,\nusers, permissions), while you still have the ability to directly execute any\nSQL statement.\n\nFeatures include an intuitive web interface, support for most MySQL features\n(browse and drop databases, tables, views, fields and indexes, create, copy,\ndrop, rename and alter databases, tables, fields and indexes, maintenance\nserver, databases and tables, with proposals on server configuration, execute,\nedit and bookmark any SQL-statement, even batch-queries, manage MySQL users\nand privileges, manage stored procedures and triggers), import data from CSV\nand SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text\nand Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,\ncreating PDF graphics of your database layout, creating complex queries using\nQuery-by-example (QBE), searching globally in a database or a subset of it,\ntransforming stored data into any format using a set of predefined functions,\nlike displaying BLOB-data as image or download-link and much more...\");\n\n script_tag(name:\"affected\", value:\"'phpMyAdmin' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.9.2~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T14:21:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19617", "CVE-2019-18622"], "description": "phpMyAdmin is prone to multiple vulnerabilities.", "modified": "2019-12-10T00:00:00", "published": "2019-11-25T00:00:00", "id": "OPENVAS:1361412562310143168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143168", "type": "openvas", "title": "phpMyAdmin < 4.9.2 Multiple Vulnerabilities - PMASA-2019-5 (Windows)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143168\");\n script_version(\"2019-12-10T03:03:06+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 03:03:06 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-25 04:55:42 +0000 (Mon, 25 Nov 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-18622\", \"CVE-2019-19617\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin < 4.9.2 Multiple Vulnerabilities - PMASA-2019-5 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin is prone to multiple vulnerabilities:\n\n - SQL injection vulnerability (CVE-2019-18622)\n\n - Certain Git information is not escaped (CVE-2019-19617)\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin prior to version 4.9.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-5/\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"4.9.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.9.2\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T14:21:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19617", "CVE-2019-18622"], "description": "phpMyAdmin is prone to multiple vulnerabilities.", "modified": "2019-12-10T00:00:00", "published": "2019-11-25T00:00:00", "id": "OPENVAS:1361412562310143167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143167", "type": "openvas", "title": "phpMyAdmin < 4.9.2 Multiple Vulnerabilities - PMASA-2019-5 (Linux)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143167\");\n script_version(\"2019-12-10T03:03:06+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 03:03:06 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-25 04:31:35 +0000 (Mon, 25 Nov 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-18622\", \"CVE-2019-19617\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin < 4.9.2 Multiple Vulnerabilities - PMASA-2019-5 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin is prone to multiple vulnerabilities:\n\n - SQL injection vulnerability (CVE-2019-18622)\n\n - Certain Git information is not escaped (CVE-2019-19617)\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin prior to version 4.9.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2019-5/\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"4.9.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.9.2\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2020-04-06T23:39:17", "bulletinFamily": "software", "cvelist": ["CVE-2019-18622"], "description": "An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.", "edition": 3, "modified": "2020-01-16T21:56:15", "published": "2020-01-16T21:56:15", "id": "GHSA-JGJC-332C-8CMC", "href": "https://github.com/advisories/GHSA-jgjc-332c-8cmc", "title": "SQL injection in phpMyAdmin", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "typo3": [{"lastseen": "2020-11-12T01:21:17", "bulletinFamily": "software", "cvelist": ["CVE-2019-18622", "CVE-2020-5504"], "description": "Multiple vulnerabilities have been found in the phpMyAdmin component.\n", "modified": "2020-03-10T00:00:00", "published": "2020-03-10T00:00:00", "id": "TYPO3-EXT-SA-2020-001", "href": "https://typo3.org/security/advisory/typo3-ext-sa-2020-001", "type": "typo3", "title": "SQL Injection in extension \"phpmyadmin\" (phpmyadmin)", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
