XSS vulnerability in normalization page.

PMASA-2016-7 Announcement-ID: PMASA-2016-7 Date: 2016-01-24 Summary XSS vulnerability in normalization page. Description With a crafted table name it is possible to trigger an XSS attack in the database normalization page. Severity We consider this vulnerability to be non-critical. Mitigation...

Insecure password generation in JavaScript.

PMASA-2016-4 Announcement-ID: PMASA-2016-4 Date: 2016-01-24 Summary Insecure password generation in JavaScript. Description Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. Severity We consider this vulnerability to be non-critical...

Unsafe generation of XSRF/CSRF token.

PMASA-2016-2 Announcement-ID: PMASA-2016-2 Date: 2016-01-24 Summary Unsafe generation of XSRF/CSRF token. Description The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. Severity We consider this vulnerability to be...

Unsafe comparison of XSRF/CSRF token.

PMASA-2016-5 Announcement-ID: PMASA-2016-5 Date: 2016-01-24 Summary Unsafe comparison of XSRF/CSRF token. Description The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF...

Multiple full path disclosure vulnerabilities.

PMASA-2016-1 Announcement-ID: PMASA-2016-1 Date: 2016-01-23 Summary Multiple full path disclosure vulnerabilities. Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path...

Full path disclosure vulnerability

PMASA-2015-6 Announcement-ID: PMASA-2015-6 Date: 2015-12-25 Summary Full path disclosure vulnerability Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the...

Content spoofing vulnerability when redirecting user to an external site

PMASA-2015-5 Announcement-ID: PMASA-2015-5 Date: 2015-10-23 Summary Content spoofing vulnerability when redirecting user to an external site Description This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites...

Vulnerability that allows bypassing the reCaptcha test

PMASA-2015-4 Announcement-ID: PMASA-2015-4 Date: 2015-09-08 Summary Vulnerability that allows bypassing the reCaptcha test Description This vulnerability allows to complete the reCaptcha test and subsequently perform a brute force attack to guess user credentials without having to complete furthe...

Vulnerability allowing man-in-the-middle attack on API call to GitHub.

PMASA-2015-3 Announcement-ID: PMASA-2015-3 Date: 2015-05-13 Summary Vulnerability allowing man-in-the-middle attack on API call to GitHub. Description A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack. Severity We consider this vulnerability to be...

XSRF/CSRF vulnerability in phpMyAdmin setup.

PMASA-2015-2 Announcement-ID: PMASA-2015-2 Date: 2015-05-13 Summary XSRF/CSRF vulnerability in phpMyAdmin setup. Description By deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup. Severity We consider this vulnerability...

Risk of BREACH attack due to reflected parameter.

PMASA-2015-1 Announcement-ID: PMASA-2015-1 Date: 2015-03-04 Summary Risk of BREACH attack due to reflected parameter. Description With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack. Severity We consider this vulnerability to be non critical...

XSS vulnerability in redirection mechanism.

PMASA-2014-18 Announcement-ID: PMASA-2014-18 Date: 2014-12-03 Summary XSS vulnerability in redirection mechanism. Description With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin. Severity We consider this vulnerability to be non critical. Affected...

DoS vulnerability with long passwords.

PMASA-2014-17 Announcement-ID: PMASA-2014-17 Date: 2014-12-03 Summary DoS vulnerability with long passwords. Description With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. Severity We consider this vulnerability to be serious. Mitigation factor This...

Multiple XSS vulnerabilities.

PMASA-2014-13 Announcement-ID: PMASA-2014-13 Date: 2014-11-20 Summary Multiple XSS vulnerabilities. Description With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the...

Leakage of line count of an arbitrary file.

PMASA-2014-16 Announcement-ID: PMASA-2014-16 Date: 2014-11-20 Summary Leakage of line count of an arbitrary file. Description In the error reporting feature, a parameter specifying the file was not correctly validated, allowing the attacker to derive the line count of an arbitrary file. Severity ...

XSS vulnerability in error reporting functionality.

PMASA-2014-15 Announcement-ID: PMASA-2014-15 Date: 2014-11-20 Summary XSS vulnerability in error reporting functionality. Description With a crafted file name it is possible to trigger an XSS in the error reporting page. Severity We consider this vulnerability to be non critical. Mitigation facto...

Local file inclusion vulnerability.

PMASA-2014-14 Announcement-ID: PMASA-2014-14 Date: 2014-11-20 Summary Local file inclusion vulnerability. Description In the GIS editor feature, a parameter specifying the geometry type was not correcly validated, opening the door to a local file inclusion attack. Severity We consider this...

XSS vulnerabilities in SQL debug output and server monitor page.

PMASA-2014-12 Announcement-ID: PMASA-2014-12 Date: 2014-10-21 Summary XSS vulnerabilities in SQL debug output and server monitor page. Description With a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and...

XSS vulnerabilities in table search and table structure pages.

PMASA-2014-11 Announcement-ID: PMASA-2014-11 Date: 2014-10-01 Summary XSS vulnerabilities in table search and table structure pages. Description With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. Severity We consider this vulnerability to be non...

XSRF/CSRF due to DOM based XSS in the micro history feature

PMASA-2014-10 Announcement-ID: PMASA-2014-10 Date: 2014-09-13 Summary XSRF/CSRF due to DOM based XSS in the micro history feature Description By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a...

Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages

PMASA-2014-8 Announcement-ID: PMASA-2014-8 Date: 2014-08-17 Summary Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages Description With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when...

XSS in view operations page.

PMASA-2014-9 Announcement-ID: PMASA-2014-9 Date: 2014-08-17 Summary XSS in view operations page. Description With a crafted view name it is possible to trigger an XSS when dropping the view in view operation page. Severity We consider this vulnerability to be non critical. Mitigation factor This...

Access for an unprivileged user to MySQL user list.

PMASA-2014-7 Announcement-ID: PMASA-2014-7 Date: 2014-07-17 Summary Access for an unprivileged user to MySQL user list. Description An unpriviledged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them. Severity We consider this vulnerability to be non...

Multiple XSS in AJAX confirmation messages.

PMASA-2014-6 Announcement-ID: PMASA-2014-6 Date: 2014-07-17 Summary Multiple XSS in AJAX confirmation messages. Description With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when...

Self-XSS due to unescaped HTML output in database triggers page.

PMASA-2014-5 Announcement-ID: PMASA-2014-5 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database triggers page. Description When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. Severity We consider this vulnerability t...

Self-XSS due to unescaped HTML output in database structure page.

PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...

Self-XSS due to unescaped HTML output in recent/favorite tables navigation.

PMASA-2014-2 Announcement-ID: PMASA-2014-2 Date: 2014-06-20 Summary Self-XSS due to unescaped HTML output in recent/favorite tables navigation. Description When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. Severity We consid...

Self-XSS due to unescaped HTML output in navigation items hiding feature.

PMASA-2014-3 Announcement-ID: PMASA-2014-3 Date: 2014-06-20 Summary Self-XSS due to unescaped HTML output in navigation items hiding feature. Description When hiding or unhiding a crafted table name in the navigation, it is possible to trigger an XSS. Severity We consider this vulnerability to be...

Self-XSS due to unescaped HTML output in import.

PMASA-2014-1 Announcement-ID: PMASA-2014-1 Date: 2014-02-15 Summary Self-XSS due to unescaped HTML output in import. Description When importing a file with crafted filename, it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation factor This...

ClickJacking protection can be bypassed.

PMASA-2013-10 Announcement-ID: PMASA-2013-10 Date: 2013-08-04 Updated: 2013-08-05 Summary ClickJacking protection can be bypassed. Description phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be...

XSS vulnerability when a text to link transformation is used.

PMASA-2013-13 Announcement-ID: PMASA-2013-13 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS vulnerability when a text to link transformation is used. Description When the TextLinkTransformationPlugin is used to create a link to an object when displaying the contents of a table, the object name ...

XSS due to unescaped HTML Output when executing a SQL query.

PMASA-2013-8 Announcement-ID: PMASA-2013-8 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS due to unescaped HTML Output when executing a SQL query. Description Using a crafted SQL query, it was possible to produce an XSS on the SQL query form. Severity We consider these vulnerabilities to be non...

If a crafted version.json would be presented, an XSS could be introduced.

PMASA-2013-11 Announcement-ID: PMASA-2013-11 Date: 2013-07-28 Updated: 2013-07-30 Summary If a crafted version.json would be presented, an XSS could be introduced. Description Due to not properly validating the version.json file, which is fetched from the phpMyAdmin.net website, could lead to an...

Full path disclosure vulnerabilities.

PMASA-2013-12 Announcement-ID: PMASA-2013-12 Date: 2013-07-28 Updated: 2013-07-30 Summary Full path disclosure vulnerabilities. Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains...

SQL injection vulnerabilities, producing a privilege escalation (control user).

PMASA-2013-15 Announcement-ID: PMASA-2013-15 Date: 2013-07-28 Updated: 2013-08-06 Summary SQL injection vulnerabilities, producing a privilege escalation control user. Description Due to a missing validation of parameters passed to schemaexport.php and pmdpdf.php, it was possible to inject SQL...

Self-XSS due to unescaped HTML output in schema export.

PMASA-2013-14 Announcement-ID: PMASA-2013-14 Date: 2013-07-28 Updated: 2013-07-30 Summary Self-XSS due to unescaped HTML output in schema export. Description When calling schemaexport.php with crafted parameters, it is possible to trigger an XSS. Severity We consider this vulnerability to be non...

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

PMASA-2013-9 Announcement-ID: PMASA-2013-9 Date: 2013-07-28 Updated: 2013-07-30 Summary 5 XSS vulnerabilities in setup, chart display, process list, and logo link. Description In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display...

Global variable scope injection.

PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope injection. Description The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity We consider this...

XSS due to unescaped HTML output in Create View page.

PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View page. Description When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. Severity We consider this vulnerability to be non...

Global variables overwrite in "export.php".

PMASA-2013-5 Announcement-ID: PMASA-2013-5 Date: 2013-04-24 Summary Global variables overwrite in "export.php". Description The export script generates global variables from those present in the $$POST superglobal. This may lead to other exploits in the export script. Severity We consider this...

Remote code execution via preg_replace().

PMASA-2013-2 Announcement-ID: PMASA-2013-2 Date: 2013-04-24 Summary Remote code execution via pregreplace. Description In some PHP versions, the pregreplace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expressio...

Local file inclusion vulnerability.

PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...

Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.

PMASA-2013-3 Announcement-ID: PMASA-2013-3 Date: 2013-04-24 Summary Locally Saved SQL Dump File Multiple File Extension Remote Code Execution. Description phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either vi...

XSS due to unescaped HTML output in GIS visualisation page.

PMASA-2013-1 Announcement-ID: PMASA-2013-1 Date: 2013-04-18 Summary XSS due to unescaped HTML output in GIS visualisation page. Description When modifying a URL parameter with a crafted value it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation...

Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

PMASA-2012-6 Announcement-ID: PMASA-2012-6 Date: 2012-10-12 Summary Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages. Description When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. Severity We consider these...

Fetching the version information from a non-SSL site is vulnerable to a MITM attack.

PMASA-2012-7 Announcement-ID: PMASA-2012-7 Date: 2012-10-12 Summary Fetching the version information from a non-SSL site is vulnerable to a MITM attack. Description To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.n...

One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.

PMASA-2012-5 Announcement-ID: PMASA-2012-5 Date: 2012-09-25 Updated: 2012-09-26 Summary One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor. Description One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a...

Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

PMASA-2012-4 Announcement-ID: PMASA-2012-4 Date: 2012-08-16 Summary Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages. Description Using a crafted table name, it was possible to produce a XSS : 1 On the Database Structure page, creating a new table with a...

Path disclosure due to missing library.

PMASA-2012-3 Announcement-ID: PMASA-2012-3 Date: 2012-08-09 Summary Path disclosure due to missing library. Description The showconfigerrors.php script does not include a library, so an error message shows the full path of this file, leading to possible further attacks. Severity We consider this...

Path disclosure due to missing verification of file presence.

PMASA-2012-2 Announcement-ID: PMASA-2012-2 Date: 2012-03-28 Summary Path disclosure due to missing verification of file presence. Description The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to...