FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- multiple vulnerabilities

Affected packages
4.0 <= phpMyAdmin < 4.0.4.2
3.5 <= phpMyAdmin35 < 3.5.8.2

Details

VuXML ID f4a0212f-f797-11e2-9bb9-6805ca0b3d42
Discovery 2013-07-28
Entry 2013-07-28
Modified 2013-07-29

The phpMyAdmin development team reports:

XSS due to unescaped HTML output when executing a SQL query.

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

If a crafted version.json were presented, an XSS could be introduced.

Full path disclosure vulnerabilities.

XSS vulnerability when a text-to-link transformation is used.

Self-XSS due to unescaped HTML output in schema export.

SQL injection vulnerabilities, producing a privilege escalation (control user).

References

URL http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view
URL http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php