
6026 matches found

CVE
added 2013/07/04 10:00 a.m. | 57 views

CVE-2013-4729

CVE-2013-4729 affects phpMyAdmin 4.x before 4.0.4.1. The import.php script does not properly restrict input data, allowing remote authenticated users to modify the GLOBALS superglobal and thereby change configuration via a crafted request. The NVD entry assigns CVSSv2 5.5 (AV:N/AC:L/Au:S/C:N/I:P/...

CVSS 5.5 | AI score 6 | EPSS 0.00367
Exploits: 2 | References: 2 | Affected Software: 1

Tenable Nessus
added 2013/07/01 12:00 a.m. | 26 views

FreeBSD : phpMyAdmin -- Global variable scope injection (1b93f6fe-e1c1-11e2-948d-6805ca0b3d42)

The phpMyAdmin development team reports : The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevent...

CVSS 5.5 | AI score 8.2 | EPSS 0.00367
Exploits: 2 | References: 3

phpMyAdmin
added 2013/06/30 12:00 a.m. | 28 views

Global variable scope injection.

PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope injection. Description The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity We consider this...

CVSS 5.5 | AI score 7.2 | EPSS 0.00367
Exploits: 2 | Affected Software: 1

FreeBSD
added 2013/06/30 12:00 a.m. | 22 views

phpMyAdmin -- Global variable scope injection

The phpMyAdmin development team reports: The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents...

CVSS 5.5 | AI score 6.6 | EPSS 0.00367
Exploits: 2 | References: 1

Tenable Nessus
added 2013/06/06 12:00 a.m. | 23 views

FreeBSD : phpMyAdmin -- XSS due to unescaped HTML output in Create View page (6b97436c-ce1e-11e2-9cb2-6805ca0b3d42)

The phpMyAdmin development team reports : When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...

CVSS 3.5 | AI score 5.4 | EPSS 0.00185
Exploits: 0 | References: 3

phpMyAdmin
added 2013/06/05 12:00 a.m. | 31 views

XSS due to unescaped HTML output in Create View page.

PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View page. Description When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. Severity We consider this vulnerability to be non...

CVSS 3.5 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | Affected Software: 1

FreeBSD
added 2013/06/05 12:00 a.m. | 31 views

phpMyAdmin -- XSS due to unescaped HTML output in Create View page

The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...

CVSS 3.5 | AI score 6.2 | EPSS 0.00185
Exploits: 0 | References: 1

Nmap
added 2013/05/31 7:59 p.m. | 3420 views

http-phpmyadmin-dir-traversal NSE Script

Exploits a directory traversal vulnerability in phpMyAdmin 2.6.4-pl1 and possibly other versions to retrieve remote files on the web server. Reference: Script Arguments http-phpmyadmin-dir-traversal.dir Basepath to the services page. Default: /phpMyAdmin-2.6.4-pl1/...

CVSS 10 | AI score 9.3 | EPSS 0.94176
Exploits: 33

Check Point Advisories
added 2013/05/22 12:00 a.m. | 2 views

PhpMyAdmin preg_replace Function Code Injection (CVE-2013-3238)

A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. The vulnerability is due to an input validation error when handling queries of the types replace_prefix_tbl or copy_tbl_change_prefix to db_structure.php. A remote, authenticated attacker could exploi...

CVSS 6 | AI score 6.6 | EPSS 0.64584
Exploits: 14

Saint
added 2013/05/20 12:00 a.m. | 71 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

CVSS 6 | AI score 6.7 | EPSS 0.64584
Exploits: 14

Saint
added 2013/05/20 12:00 a.m. | 154 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

CVSS 6 | AI score 6.7 | EPSS 0.64584
Exploits: 14

Saint
added 2013/05/20 12:00 a.m. | 50 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

CVSS 6 | AI score 6.7 | EPSS 0.64584
Exploits: 14

Saint
added 2013/05/20 12:00 a.m. | 32 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

CVSS 6 | AI score 6.7 | EPSS 0.64584
Exploits: 14

OpenVAS
added 2013/05/13 12:00 a.m. | 41 views

Fedora Update for phpMyAdmin FEDORA-2013-6977

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

CVSS 6 | AI score 6.3 | EPSS 0.64584
Exploits: 14 | References: 2

OpenVAS
added 2013/05/13 12:00 a.m. | 30 views

Fedora Update for phpMyAdmin FEDORA-2013-7000

Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2013-7000 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS 6 | AI score 6.3 | EPSS 0.64584
Exploits: 16 | References: 2

OpenVAS
added 2013/05/13 12:00 a.m. | 37 views

Fedora Update for phpMyAdmin FEDORA-2013-6977

Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2013-6977 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS 6 | AI score 6.3 | EPSS 0.64584
Exploits: 16 | References: 2

OpenVAS
added 2013/05/13 12:00 a.m. | 36 views

Fedora Update for phpMyAdmin FEDORA-2013-7000

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 6.3
Exploits: 0 | References: 2

Tenable Nessus
added 2013/05/10 12:00 a.m. | 39 views

Fedora 17 : phpMyAdmin-3.5.8.1-1.fc17 (2013-7000)

phpMyAdmin 3.5.8.1 2013-04-24 - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...

CVSS 6 | AI score 7.6 | EPSS 0.64584
Exploits: 16 | References: 5

Tenable Nessus
added 2013/05/10 12:00 a.m. | 41 views

Fedora 18 : phpMyAdmin-3.5.8.1-1.fc18 (2013-6977)

phpMyAdmin 3.5.8.1 2013-04-24 - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...

CVSS 6 | AI score 7.6 | EPSS 0.64584
Exploits: 16 | References: 5

Tenable Nessus
added 2013/05/10 12:00 a.m. | 44 views

Fedora 19 : phpMyAdmin-3.5.8.1-1.fc19 (2013-6928)

phpMyAdmin 3.5.8.1 2013-04-24 - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...

CVSS 6 | AI score 7.6 | EPSS 0.64584
Exploits: 16 | References: 5