PMASA-2005-5

Announcement-ID: PMASA-2005-5

Date: 2005-10-22

Updated: 2005-10-25

Summary

(1) Local file inclusion vulnerability and (2) Cross-Site Scripting vulnerability

Description

We received a security advisory from Stefan Esser (sesser@hardened-php.net) about (1). We received a security advisory from Tobias Klein (tk@trapkit.de) about (2). We wish to thank both of them for their work.

(1) : Due to the sequence of execution in the code that gets form parameters in some scripts, it was possible to craft a special attack form that overwrites configuration parameters.

(2) : Some scripts were vulnerable to XSS attacks: left.php, queryframe.php and server_databases.php.

Severity

We consider these vulnerabilities to be serious. However, (1) can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data).

Affected Versions

We did not make an extensive verification on this. Probably all previous versions.

Solution

Upgrade to phpMyAdmin 2.6.4-pl3 or newer.

References

For (1): http://www.hardened-php.net/advisory_162005.73.html
For (2): http://www.trapkit.de/advisories/TKADV2005-10-001.txt

CWE ids: CWE-661 CWE-98 CWE-79

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements