Multiple XSS vulnerabilities.
PMASA-2014-13 Announcement-ID: PMASA-2014-13 Date: 2014-11-20 Summary Multiple XSS vulnerabilities. Description With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the...
XSS vulnerability in error reporting functionality.
PMASA-2014-15 Announcement-ID: PMASA-2014-15 Date: 2014-11-20 Summary XSS vulnerability in error reporting functionality. Description With a crafted file name it is possible to trigger an XSS in the error reporting page. Severity We consider this vulnerability to be non critical. Mitigation facto...
5 XSS vulnerabilities in setup, chart display, process list, and logo link.
PMASA-2013-9 Announcement-ID: PMASA-2013-9 Date: 2013-07-28 Updated: 2013-07-30 Summary 5 XSS vulnerabilities in setup, chart display, process list, and logo link. Description In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display...
XSS vulnerability when a text to link transformation is used.
PMASA-2013-13 Announcement-ID: PMASA-2013-13 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS vulnerability when a text to link transformation is used. Description When the TextLinkTransformationPlugin is used to create a link to an object when displaying the contents of a table, the object name ...
XSS in replication setup.
PMASA-2012-1 Announcement-ID: PMASA-2012-1 Date: 2012-02-18 Summary XSS in replication setup. Description It was possible to conduct XSS using a crafted database name. Severity We consider this vulnerability to be non critical. Mitigation factor The victim would have to willingly click on a...
XSS vulnerability
PMASA-2006-7 Announcement-ID: PMASA-2006-7 Date: 2006-11-17 Summary XSS vulnerability Description We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to produce XSS via table and database comment field and through position parameter. Severity...
When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.
PMASA-2004-2 Announcement-ID: PMASA-2004-2 Date: 2004-10-12 Summary When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user. Description phpMyAdmin allows to use MIME transformations for displayi...
XSS in Designer feature
PMASA-2018-3 Announcement-ID: PMASA-2018-3 Date: 2018-06-19 Updated: 2018-06-21 Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Severity...
XSRF/CSRF vulnerability in phpMyAdmin
PMASA-2017-9 Announcement-ID: PMASA-2017-9 Date: 2017-12-20 Updated: 2018-01-03 Summary XSRF/CSRF vulnerability in phpMyAdmin Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...
Remote code execution vulnerability when run as CGI
PMASA-2016-54 Announcement-ID: PMASA-2016-54 Date: 2016-07-25 Updated: 2016-12-08 Summary Remote code execution vulnerability when run as CGI Description A vulnerability was discovered where a user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI...
Bypass URL redirect protection
PMASA-2016-49 Announcement-ID: PMASA-2016-49 Date: 2016-07-24 Summary Bypass URL redirect protection Description A vulnerability was discovered where an attacker could redirect a user to a malicious web page. Severity We consider this to be of moderate severity Affected Versions All 4.6.x version...
Full path disclosure
PMASA-2016-33 Announcement-ID: PMASA-2016-33 Date: 2016-07-12 Summary Full path disclosure Description A full path disclosure vulnerability was discovered where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. Severity We consider...
XSS on table structure page
PMASA-2016-20 Announcement-ID: PMASA-2016-20 Date: 2016-06-23 Summary XSS on table structure page Description An XSS vulnerability was discovered on the table structure page Severity We consider this to be a serious vulnerability Affected Versions All 4.6.x versions prior to 4.6.3 are affected...
Insecure password generation in JavaScript.
PMASA-2016-4 Announcement-ID: PMASA-2016-4 Date: 2016-01-24 Summary Insecure password generation in JavaScript. Description Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. Severity We consider this vulnerability to be non-critical...
Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages
PMASA-2014-8 Announcement-ID: PMASA-2014-8 Date: 2014-08-17 Summary Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages Description With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when...
XSS due to unescaped HTML output in GIS visualisation page.
PMASA-2013-1 Announcement-ID: PMASA-2013-1 Date: 2013-04-18 Summary XSS due to unescaped HTML output in GIS visualisation page. Description When modifying a URL parameter with a crafted value it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation...
XSS and SQL injection vulnerabilities
PMASA-2009-6 Announcement-ID: PMASA-2009-6 Date: 2009-10-13 Summary XSS and SQL injection vulnerabilities Description Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. SQL injection vulnerability allows remote...
XSS vulnerabilities
PMASA-2007-7 Announcement-ID: PMASA-2007-7 Date: 2007-11-11 Summary XSS vulnerabilities Description We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code. Our team fixed...
XSS vulnerabilities
PMASA-2006-1 Announcement-ID: PMASA-2006-1 Date: 2006-04-06 Summary XSS vulnerabilities Description It was possible to conduct an XSS attack with a direct call to some scripts under the themes directory. We wish to thank Toni Koivunen/CERT-FI for this advisory. Severity We consider these...
XSS vulnerabilities
PMASA-2005-8 Announcement-ID: PMASA-2005-8 Date: 2005-12-05 Summary XSS vulnerabilities Description It was possible to conduct an XSS attack via the HTTPHOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS. Severity We consider these...
Username deny rules bypass (AllowRoot & Others) by using Null Byte
PMASA-2016-60 Announcement-ID: PMASA-2016-60 Date: 2016-11-25 Updated: 2016-12-06 Summary Username deny rules bypass (AllowRoot & Others) by using Null Byte Description It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the...
XSS vulnerability in SQL parser.
PMASA-2016-10 Announcement-ID: PMASA-2016-10 Date: 2016-02-25 Summary XSS vulnerability in SQL parser. Description Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. Severity We consider this vulnerability to be non-critical. Mitigation factor This...
Full path disclosure vulnerability
PMASA-2015-6 Announcement-ID: PMASA-2015-6 Date: 2015-12-25 Summary Full path disclosure vulnerability Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the...
Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.
PMASA-2013-3 Announcement-ID: PMASA-2013-3 Date: 2013-04-24 Summary Locally Saved SQL Dump File Multiple File Extension Remote Code Execution. Description phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either vi...
Local file inclusion vulnerability and code execution.
PMASA-2011-11 Announcement-ID: PMASA-2011-11 Date: 2011-07-23 Summary Local file inclusion vulnerability and code execution. Description In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. Severity We consider this vulnerability to be...
Cross-Site Scripting vulnerability
PMASA-2005-3 Announcement-ID: PMASA-2005-3 Date: 2005-04-03 Summary Cross-Site Scripting vulnerability Description We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work and report. The convcharset parameter was not correctly validated, opening the door ...
phpinfo information leak value of sensitive (HttpOnly) cookies
PMASA-2016-59 Announcement-ID: PMASA-2016-59 Date: 2016-11-25 Updated: 2016-12-06 Summary phpinfo information leak value of sensitive (HttpOnly) cookies Description phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. Severity We consider this vulnerability to be...
PHP code injection
PMASA-2016-32 Announcement-ID: PMASA-2016-32 Date: 2016-07-12 Summary PHP code injection Description A vulnerability was found where a specially crafted database name could be used to run arbitrary PHP commands through the array export feature Severity We consider these vulnerabilities to be of...
XSS through FPD
PMASA-2016-24 Announcement-ID: PMASA-2016-24 Date: 2016-06-23 Summary XSS through FPD Description With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. Severity We do not consider this vulnerability to be secure due to the...
Cookie attribute injection attack
PMASA-2016-18 Announcement-ID: PMASA-2016-18 Date: 2016-06-23 Summary Cookie attribute injection attack Description A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Severity We consider this to be non-critical. Mitigation...
Multiple XSS vulnerabilities.
PMASA-2016-12 Announcement-ID: PMASA-2016-12 Date: 2016-02-25 Summary Multiple XSS vulnerabilities. Description With a crafted table/column name it is possible to trigger an XSS attack in the database normalization page. With a crafted parameter it is possible to trigger an XSS attack in the...
Vulnerability allowing man-in-the-middle attack on API call to GitHub.
PMASA-2015-3 Announcement-ID: PMASA-2015-3 Date: 2015-05-13 Summary Vulnerability allowing man-in-the-middle attack on API call to GitHub. Description A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack. Severity We consider this vulnerability to be...
Multiple XSS in AJAX confirmation messages.
PMASA-2014-6 Announcement-ID: PMASA-2014-6 Date: 2014-07-17 Summary Multiple XSS in AJAX confirmation messages. Description With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when...
Unvalidated input on error page.
PMASA-2010-9 Announcement-ID: PMASA-2010-9 Date: 2010-12-07 Updated: 2010-02-16 Summary Unvalidated input on error page. Description It was possible to display arbitrary text and link to external site using parameters passed to particular script. Severity This issue is considered minor, because t...
XSS attack using debugging messages.
PMASA-2010-6 Announcement-ID: PMASA-2010-6 Date: 2010-08-30 Summary XSS attack using debugging messages. Description It was possible to conduct a XSS attack using error messages in PHP backtrace. Severity We consider this vulnerability to be non critical. Mitigation factor Additional steps from...
XSS for Microsoft Internet Explorer on several places
PMASA-2008-8 Announcement-ID: PMASA-2008-8 Date: 2008-09-23 Updated: 2008-10-01 Summary XSS for Microsoft Internet Explorer on several places Description We received an advisory from Masako Oono of NetAgent Co.,Ltd. via JPCERT/CC Vulnerability Handling Team and we wish to thank them for their wor...
Credentials disclosure on shared hosts via session data
PMASA-2008-2 Announcement-ID: PMASA-2008-2 Date: 2008-03-29 Summary Credentials disclosure on shared hosts via session data Description We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and...
XSS vulnerability
PMASA-2006-4 Announcement-ID: PMASA-2006-4 Date: 2006-06-30 Updated: 2006-07-01 Summary XSS vulnerability Description It was possible to craft a request that contains XSS by attacking the "table" parameter. Severity We consider this vulnerability to be serious. Affected Versions Some versions...
HTTP Response Splitting vulnerability
PMASA-2005-6 Announcement-ID: PMASA-2005-6 Date: 2005-11-15 Summary HTTP Response Splitting vulnerability Description Some scripts in phpMyAdmin are vulnerable to an HTTP Response Splitting attack. Severity We consider these vulnerabilities to be serious. However, they can only be triggered on...
Two vulnerabilities were found in phpMyAdmin, that may allow command execution and file disclosure.
PMASA-2004-4 Announcement-ID: PMASA-2004-4 Date: 2004-12-13 Summary Two vulnerabilities were found in phpMyAdmin, that may allow command execution and file disclosure. Description We received a security advisory from Nicolas Gregoire (exaprobe.com) about those vulnerabilities and we wish to thank h...
SSRF in replication
PMASA-2017-6 Announcement-ID: PMASA-2017-6 Date: 2017-01-24 Summary SSRF in replication Description For a user with appropriate MySQL privileges it was possible to connect to arbitrary host. Severity We consider this to be non-critical. Mitigation factor The vulnerability is exposed only to MySQL...
Sensitive Data in URL GET Query Parameters
PMASA-2016-14 Announcement-ID: PMASA-2016-14 Date: 2016-05-25 Updated: 2016-05-30 Summary Sensitive Data in URL GET Query Parameters Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attacke...
Vulnerability allowing man-in-the-middle attack on API call to GitHub.
PMASA-2016-13 Announcement-ID: PMASA-2016-13 Date: 2016-02-25 Summary Vulnerability allowing man-in-the-middle attack on API call to GitHub. Description A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack. Severity We consider this vulnerability to be...
Multiple XSS vulnerabilities.
PMASA-2016-11 Announcement-ID: PMASA-2016-11 Date: 2016-02-25 Summary Multiple XSS vulnerabilities. Description By sending a specially crafted URL as part of the HOST header, it is possible to trigger an XSS attack. A weakness was found that allows an XSS attack with Internet Explorer versions...
Self-XSS due to unescaped HTML output in recent/favorite tables navigation.
PMASA-2014-2 Announcement-ID: PMASA-2014-2 Date: 2014-06-20 Summary Self-XSS due to unescaped HTML output in recent/favorite tables navigation. Description When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. Severity We consid...
Self-XSS due to unescaped HTML output in import.
PMASA-2014-1 Announcement-ID: PMASA-2014-1 Date: 2014-02-15 Summary Self-XSS due to unescaped HTML output in import. Description When importing a file with crafted filename, it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation factor This...
One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
PMASA-2012-5 Announcement-ID: PMASA-2012-5 Date: 2012-09-25 Updated: 2012-09-26 Summary One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor. Description One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a...
Multiple XSS in the Tracking feature.
PMASA-2011-13 Announcement-ID: PMASA-2011-13 Date: 2011-08-24 Summary Multiple XSS in the Tracking feature. Description Missing sanitization on the table, column and index names leads to XSS vulnerabilities. Severity We consider this vulnerability to be serious. Mitigation factor An attacker must...
XSS vulnerability on Tracking page.
PMASA-2011-3 Announcement-ID: PMASA-2011-3 Date: 2011-05-22 Summary XSS vulnerability on Tracking page. Description It was possible to create a crafted table name that leads to XSS. Severity We consider this vulnerability to be serious. Mitigation factor This vulnerability works in the context of...
Possible information disclosure.
PMASA-2010-10 Announcement-ID: PMASA-2010-10 Date: 2010-12-07 Updated: 2010-02-16 Summary Possible information disclosure. Description Unauthenticated user was able to display phpinfo output if phpMyAdmin was enabled to show it. Severity The issue is considered minor, because this feature is not...