nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.PHPMYADMIN_PMASA_2011_2.NASL
HistoryMay 23, 2012 - 12:00 a.m.

phpMyAdmin 2.11.x / 3.3.x < 2.11.11.3 / 3.3.9.2 SQL Query Bookmarks Arbitrary SQL Query Execution (PMASA-2011-02)

2012-05-2300:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
57

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.043

Percentile

92.4%

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server allows creation of bookmarked SQL queries which could be unintentionally executed by other users.

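Note that successful exploitation of this vulnerability requires that phpMyAdmin configuration storage is set up and enabled and that the application’s bookmarks feature is enabled. The plugin does not check either condition: it relies only on the version reported by the install, which is why it runs only when the scan is configured for paranoid reporting.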

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata block: taken only when `description` is set. It registers the
# plugin's identifiers, advisory text, scoring and scheduling requirements,
# then exits, so none of the check logic further down runs on this path.
if (description)
{
  script_id(59244);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # External identifiers for the issue this plugin reports.
  script_cve_id("CVE-2011-0987");
  script_bugtraq_id(46359);

  script_name(english:"phpMyAdmin 2.11.x / 3.3.x < 2.11.11.3 / 3.3.9.2 SQL Query Bookmarks Arbitrary SQL Query Execution (PMASA-2011-02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a PHP application that could be abused to
execute SQL queries.");
  script_set_attribute(attribute:"description", value:
"According to its self-identified version number, the phpMyAdmin
install hosted on the remote web server allows creation of bookmarked
SQL queries which could be unintentionally executed by other users. 

Note that successful exploitation of this vulnerability requires that
phpMyAdmin configuration storage is set up and enabled and that the
application's bookmarks feature is enabled.");
  script_set_attribute(attribute:"see_also", value:"http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php");
  script_set_attribute(attribute:"solution", value:
"Either upgrade to phpMyAdmin 2.11.11.3 / 3.3.9.2 or later, or apply
the patch from the referenced link");
  # CVSS v2 base vector; Au:S records that one authentication step is needed,
  # i.e. the issue is reachable only by a logged-in phpMyAdmin user.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-0987");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/23");

  # Flagged as a potential finding: the check is a version comparison and does
  # not confirm the preconditions named in the description (configuration
  # storage and the bookmarks feature being enabled).
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  # Information-gathering category: the plugin only reads what the detection
  # plugin already recorded.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: depends on the phpMyAdmin detection plugin, and requires the
  # PHP, phpMyAdmin and paranoid-report KB keys to be present. The paranoid
  # key matches the report_paranoia gate at the start of the check logic.
  script_dependencies("phpMyAdmin_detect.nasl");
  script_require_keys("www/PHP", "www/phpMyAdmin", "Settings/ParanoidReport");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
include("audit.inc");

# Version-only check: nothing is sent to the application to confirm the
# bookmark issue or its preconditions, so the plugin reports only when the
# scan opts in to paranoid (possibly false-positive) results.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

http_port = get_http_port(default:80, php:TRUE);

# Install record for phpMyAdmin on this port, read from the KB; the call is
# told to exit the plugin if no record exists.
pma = get_install_from_kb(appname:"phpMyAdmin", port:http_port, exit_on_fail:TRUE);
pma_dir = pma['dir'];
pma_ver = pma['ver'];
pma_url = build_url(port:http_port, qs:pma_dir);

if (pma_ver == UNKNOWN_VER)
  audit(AUDIT_UNKNOWN_WEB_APP_VER, "phpMyAdmin", pma_url);

# A bare branch number ("2", "2.11", "3", "3.3") cannot be compared against
# the fixed releases, so stop rather than guess.
if (pma_ver =~ "^2(\.11)?$" || pma_ver =~ "^3(\.3)?$")
  exit(1, "The version of phpMyAdmin located at "+ pma_url +" ("+ pma_ver +") is not granular enough.");

# Affected ranges: 2.11.x before 2.11.11.3 and 3.3.x before 3.3.9.2.
# A version matching neither pattern is audited as not affected.
# NOTE(review): the 2.11 pattern applies the .0-.2 fourth-component limit to
# 2.11.10 as well as 2.11.11, and neither pattern accepts a suffix directly
# after 2.11.10 / 2.11.11 / 3.3.9 (e.g. "-rc1"); such strings would be
# reported as not affected - confirm the detection plugin never yields them.
if (
  pma_ver !~ "^2\.11\.([0-9]|1[0-1](\.[0-2]|$))($|[^0-9])" &&
  pma_ver !~ "^3\.3\.([0-8]|9(\.1|$))([^0-9]|$)"
)
  audit(AUDIT_WEB_APP_NOT_AFFECTED, "phpMyAdmin", pma_url, pma_ver);

# Affected version: raise the finding, with details unless verbosity is off.
if (report_verbosity <= 0)
  security_warning(http_port);
else
{
  details =
    '\n  URL               : ' + pma_url +
    '\n  Installed version : ' + pma_ver +
    '\n  Fixed version     : 2.11.11.3 / 3.3.9.2' +
    '\n';
  security_warning(port:http_port, extra:details);
}
exit(0);

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.043

Percentile

92.4%