PMASA-2004-3

Announcement-ID: PMASA-2004-3

Date: 2004-11-18

Summary

Multiple XSS vulnerability were found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks.

Description

We received a security advisory from Cedric Cochin (netvigilance.com) about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points:

1. The logic used to auto-detect the PmaAbsoluteUri parameter can be fooled by adding an extra "/" and a crafted URL.
2. read_dump.php can be called with a crafted url; using the fact that the zero_rows variable is not sanitized can lead to an attack.
3. The confirm form (for example after a DROP DATABASE statement) can be used for a XSS attack.
4. The internal phpMyAdmin parser does not sanitize the error message sent after an error like a punctuation problem.

Severity

As any of those vulnerabilites can be used for a XSS attack, we consider them to be serious.

Affected Versions

Not all previous versions are affected by all vulnerabilities, but it's safe to say that releases up to and including 2.6.0-pl2 are at risk.

Unaffected Versions

CVS HEAD has been fixed. The upcoming 2.6.0-pl3 release.

Solution

We strongly advise everyone to upgrade to the next version of phpMyAdmin, which is to be released soon.

References

http://www.netvigilance.com/html/advisory0005.htm

Assigned CVE ids: CVE-2004-1055

CWE ids: CWE-661 CWE-79

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements