Denial of service (DOS) attack by for loops

PMASA-2016-46 Announcement-ID: PMASA-2016-46 Date: 2016-07-26 Summary Denial of service DOS attack by for loops Description A vulnerability has been reported where a malicious authorized user can cause a denial-of-service DOS attack on a server by passing large values to a loop. Severity We...

Remote code execution vulnerability when PHP is running with dbase extension

PMASA-2016-56 Announcement-ID: PMASA-2016-56 Date: 2016-07-25 Summary Remote code execution vulnerability when PHP is running with dbase extension Description A vulnerability was discovered where phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations...

ArbitraryServerRegexp bypass

PMASA-2016-52 Announcement-ID: PMASA-2016-52 Date: 2016-07-25 Summary ArbitraryServerRegexp bypass Description A vulnerability was reported with the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by...

Denial of service (DOS) attack with dbase extension

PMASA-2016-55 Announcement-ID: PMASA-2016-55 Date: 2016-07-25 Summary Denial of service DOS attack with dbase extension Description A flaw was discovered where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. Severity We consider this...

Remote code execution vulnerability when run as CGI

PMASA-2016-54 Announcement-ID: PMASA-2016-54 Date: 2016-07-25 Updated: 2016-12-08 Summary Remote code execution vulnerability when run as CGI Description A vulnerability was discovered where a user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI...

Denial of service (DOS) attack by changing password to a very long string

PMASA-2016-53 Announcement-ID: PMASA-2016-53 Date: 2016-07-25 Summary Denial of service DOS attack by changing password to a very long string Description An authenticated user can trigger a denial-of-service DOS attack by entering a very long password at the change password dialog. Severity We...

Reflected File Download attack

PMASA-2016-51 Announcement-ID: PMASA-2016-51 Date: 2016-07-24 Summary Reflected File Download attack Description A vulnerability was discovered where an attacker may be able to trigger a user to download a specially crafted malicious SVG file. Severity We consider this issue to be of moderate...

Referrer leak in url.php

PMASA-2016-50 Announcement-ID: PMASA-2016-50 Date: 2016-07-24 Summary Referrer leak in url.php Description A vulnerability was discovered where an attacker can determine the phpMyAdmin host location through the file url.php. Severity We consider this to be of moderate severity. Affected Versions...

Detect if user is logged in

PMASA-2016-48 Announcement-ID: PMASA-2016-48 Date: 2016-07-24 Summary Detect if user is logged in Description A vulnerability was reported where an attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerabilit...

Bypass URL redirect protection

PMASA-2016-49 Announcement-ID: PMASA-2016-49 Date: 2016-07-24 Summary Bypass URL redirect protection Description A vulnerability was discovered where an attacker could redirect a user to a malicious web page. Severity We consider this to be of moderate severity Affected Versions All 4.6.x version...

DOS attack with forced persistent connections

PMASA-2016-45 Announcement-ID: PMASA-2016-45 Date: 2016-07-21 Summary DOS attack with forced persistent connections Description A vulnerability was discovered where an unauthenticated user is able to execute a denial-of-service DOS attack by forcing persistent connections when phpMyAdmin is runni...

IPv6 and proxy server IP-based authentication rule circumvention

PMASA-2016-47 Announcement-ID: PMASA-2016-47 Date: 2016-07-21 Summary IPv6 and proxy server IP-based authentication rule circumvention Description A vulnerability was discovered where, under certain circumstances, it may be possible to circumvent the phpMyAdmin IP-based authentication rules. When...

Unvalidated data passed to unserialize()

PMASA-2016-43 Announcement-ID: PMASA-2016-43 Date: 2016-07-15 Summary Unvalidated data passed to unserialize Description A vulnerability was reported where some data is passed to the PHP unserialize function without verification that it's valid serialized data. Due to how the PHP function operate...

SQL injection attack as control user

PMASA-2016-42 Announcement-ID: PMASA-2016-42 Date: 2016-07-15 Summary SQL injection attack as control user Description A vulnerability was discovered in the user interface preference feature where a user can execute an SQL injection attack against the account of the control user. Severity We...

Denial of service (DOS) attack in transformation feature

PMASA-2016-41 Announcement-ID: PMASA-2016-41 Date: 2016-07-14 Summary Denial of service DOS attack in transformation feature Description A vulnerability was found in the transformation feature allowing a user to trigger a denial-of-service DOS attack against the server. Severity We consider this...

SQL injection attack

PMASA-2016-39 Announcement-ID: PMASA-2016-39 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was discovered in the following features where a user can execute an SQL injection attack against the account of the control user: User group Designer Severity We consider this...

SQL injection attack

PMASA-2016-40 Announcement-ID: PMASA-2016-40 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...

Multiple XSS vulnerabilities

PMASA-2016-38 Announcement-ID: PMASA-2016-38 Date: 2016-07-13 Summary Multiple XSS vulnerabilities Description Multiple XSS vulnerabilities were found in the following areas: Navigation pane and database/table hiding feature. A specially-crafted database name can be used to trigger an XSS attack...

Local file exposure

PMASA-2016-35 Announcement-ID: PMASA-2016-35 Date: 2016-07-12 Summary Local file exposure Description A vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. Severity We consider this vulnerability to be...

Path traversal with SaveDir and UploadDir

PMASA-2016-37 Announcement-ID: PMASA-2016-37 Date: 2016-07-12 Summary Path traversal with SaveDir and UploadDir Description A vulnerability was reported with the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a...

Full path disclosure

PMASA-2016-33 Announcement-ID: PMASA-2016-33 Date: 2016-07-12 Summary Full path disclosure Description A full path disclosure vulnerability was discovered where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. Severity We consider...

PHP code injection

PMASA-2016-32 Announcement-ID: PMASA-2016-32 Date: 2016-07-12 Summary PHP code injection Description A vulnerability was found where a specially crafted database name could be used to run arbitrary PHP commands through the array export feature Severity We consider these vulnerabilities to be of...

SQL injection attack

PMASA-2016-34 Announcement-ID: PMASA-2016-34 Date: 2016-07-12 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...

Local file exposure through symlinks with UploadDir

PMASA-2016-36 Announcement-ID: PMASA-2016-36 Date: 2016-07-12 Summary Local file exposure through symlinks with UploadDir Description A vulnerability was found where a user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin...

Multiple XSS vulnerabilities

PMASA-2016-31 Announcement-ID: PMASA-2016-31 Date: 2016-07-11 Summary Multiple XSS vulnerabilities Description XSS vulnerabilities were discovered in: The database privilege check The "Remove partitioning" functionality Specially crafted database names can trigger the XSS attack. Severity We...

Multiple XSS vulnerabilities

PMASA-2016-30 Announcement-ID: PMASA-2016-30 Date: 2016-07-07 Updated: 2016-11-24 Summary Multiple XSS vulnerabilities Description Multiple vulnerabilities have been discovered in the following areas of phpMyAdmin: Zoom search: Specially crafted column content can be used to trigger an XSS attack...

Weakness with cookie encryption

PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker...

Referrer leak in transformations

PMASA-2016-28 Announcement-ID: PMASA-2016-28 Date: 2016-06-23 Summary Referrer leak in transformations Description A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack...

Multiple full path disclosure vulnerabilities

PMASA-2016-23 Announcement-ID: PMASA-2016-23 Date: 2016-06-23 Summary Multiple full path disclosure vulnerabilities Description This PMASA contains information on multiple full-path disclosure vulnerabilities reported in phpMyAdmin. By specially crafting requests in the following areas, it is...

SQL injection attack

PMASA-2016-19 Announcement-ID: PMASA-2016-19 Date: 2016-06-23 Summary SQL injection attack Description A vulnerability was discovered that allows an SQL injection attack to run arbitrary commands as the control user. Severity We consider this vulnerability to be serious Mitigation factor This...

BBCode injection vulnerability

PMASA-2016-17 Announcement-ID: PMASA-2016-17 Date: 2016-06-23 Summary BBCode injection vulnerability Description A vulnerability was discovered that allows an BBCode injection to setup script in case it's not accessed on https. Severity We consider this to be non-critical. Mitigation factor Alway...

XSS through FPD

PMASA-2016-24 Announcement-ID: PMASA-2016-24 Date: 2016-06-23 Summary XSS through FPD Description With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. Severity We do not consider this vulnerability to be secure due to the...

DOS attack

PMASA-2016-22 Announcement-ID: PMASA-2016-22 Date: 2016-06-23 Summary DOS attack Description A Denial Of Service DOS attack was discovered in the way phpMyAdmin loads some JavaScript files. Severity We consider this to be of moderate severity Affected Versions All 4.6.x versions prior to 4.6.3,...

XSS on table structure page

PMASA-2016-20 Announcement-ID: PMASA-2016-20 Date: 2016-06-23 Summary XSS on table structure page Description An XSS vulnerability was discovered on the table structure page Severity We consider this to be a serious vulnerability Affected Versions All 4.6.x versions prior to 4.6.3 are affected...

Multiple XSS vulnerabilities

PMASA-2016-21 Announcement-ID: PMASA-2016-21 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description An XSS vulnerability was discovered on the user privileges page. An XSS vulnerability was discovered in the error console. An XSS vulnerability was discovered in the central columns...

Multiple XSS vulnerabilities

PMASA-2016-26 Announcement-ID: PMASA-2016-26 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description A vulnerability was reported allowing a specially crafted table name to cause an XSS attack through the functionality to check database privileges. This XSS doesn't exist in some...

Unsafe handling of preg_replace parameters

PMASA-2016-27 Announcement-ID: PMASA-2016-27 Date: 2016-06-23 Summary Unsafe handling of pregreplace parameters Description In some versions of PHP, it's possible for an attacker to pass parameters to the pregreplace function which can allow the execution of arbitrary PHP code. This code is not...

XSS in partition range functionality

PMASA-2016-25 Announcement-ID: PMASA-2016-25 Date: 2016-06-23 Summary XSS in partition range functionality Description A vulnerability was reported allowing a specially crafted table parameters to cause an XSS attack through the table structure page. Severity We consider this vulnerability to be...

Cookie attribute injection attack

PMASA-2016-18 Announcement-ID: PMASA-2016-18 Date: 2016-06-23 Summary Cookie attribute injection attack Description A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. Severity We consider this to be non-critical. Mitigation...

Sensitive Data in URL GET Query Parameters

PMASA-2016-14 Announcement-ID: PMASA-2016-14 Date: 2016-05-25 Updated: 2016-05-30 Summary Sensitive Data in URL GET Query Parameters Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attacke...

Self XSS

PMASA-2016-16 Announcement-ID: PMASA-2016-16 Date: 2016-05-25 Updated: 2016-05-26 Summary Self XSS Description A specially crafted attack could allow for special HTML characters to be passed as URL encoded values and displayed back as special characters in the page. Updated to include CVE ID...

File Traversal Protection Bypass on Error Reporting

PMASA-2016-15 Announcement-ID: PMASA-2016-15 Date: 2016-05-25 Updated: 2016-05-26 Summary File Traversal Protection Bypass on Error Reporting Description A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the...

Multiple XSS vulnerabilities.

PMASA-2016-12 Announcement-ID: PMASA-2016-12 Date: 2016-02-25 Summary Multiple XSS vulnerabilities. Description With a crafted table/column name it is possible to trigger an XSS attack in the database normalization page. With a crafted parameter it is possible to trigger an XSS attack in the...

Vulnerability allowing man-in-the-middle attack on API call to GitHub.

PMASA-2016-13 Announcement-ID: PMASA-2016-13 Date: 2016-02-25 Summary Vulnerability allowing man-in-the-middle attack on API call to GitHub. Description A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack. Severity We consider this vulnerability to be...

Multiple XSS vulnerabilities.

PMASA-2016-11 Announcement-ID: PMASA-2016-11 Date: 2016-02-25 Summary Multiple XSS vulnerabilities. Description By sending a specially crafted URL as part of the HOST header, it is possible to trigger an XSS attack. A weakness was found that allows an XSS attack with Internet Explorer versions...

XSS vulnerability in SQL parser.

PMASA-2016-10 Announcement-ID: PMASA-2016-10 Date: 2016-02-25 Summary XSS vulnerability in SQL parser. Description Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. Severity We consider this vulnerability to be non-critical. Mitigation factor This...

XSS vulnerability in normalization page.

PMASA-2016-7 Announcement-ID: PMASA-2016-7 Date: 2016-01-24 Summary XSS vulnerability in normalization page. Description With a crafted table name it is possible to trigger an XSS attack in the database normalization page. Severity We consider this vulnerability to be non-critical. Mitigation...

Insecure password generation in JavaScript.

PMASA-2016-4 Announcement-ID: PMASA-2016-4 Date: 2016-01-24 Summary Insecure password generation in JavaScript. Description Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. Severity We consider this vulnerability to be non-critical...

XSS vulnerability in SQL editor.

PMASA-2016-9 Announcement-ID: PMASA-2016-9 Date: 2016-01-24 Summary XSS vulnerability in SQL editor. Description With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. Severity We consider this vulnerability to be non-critical. Mitigation factor This vulnerability ca...

Unsafe comparison of XSRF/CSRF token.

PMASA-2016-5 Announcement-ID: PMASA-2016-5 Date: 2016-01-24 Summary Unsafe comparison of XSRF/CSRF token. Description The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF...