Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
phpmyadminPhpMyAdminPHPMYADMIN:PMASA-2012-4
HistoryAug 16, 2012 - 12:00 a.m.

Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

2012-08-1600:00:00
www.phpmyadmin.net
22

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

36.9%

JSON

PMASA-2012-4

Announcement-ID: PMASA-2012-4

Date: 2012-08-16

Summary

Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

Description

Using a crafted table name, it was possible to produce a XSS : 1) On the Database Structure page, creating a new table with a crafted name 2) On the Database Structure page, using the Empty and Drop links of the crafted table name 3) On the Table Operations page of a crafted table, using the β€˜Empty the table (TRUNCATE)’ and β€˜Delete the table (DROP)’ links 4) On the Triggers page of a database containing tables with a crafted name, when opening the β€˜Add Trigger’ popup 5) When creating a trigger for a table with a crafted name, with an invalid definition. Having crafted data in a database table, it was possible to produce a XSS : 6) When visualizing GIS data, having a crafted label name.

Severity

We consider these vulnerabilities to be non critical.

Mitigation factor

These XSS can only be triggered when a table with a crafted name is already present, or if crafted data is already stored in a database table.

Affected Versions

Versions 3.4.x are affected, for issues #1 and #2. Versions 3.5.x are affected, for all issues.

Solution

Upgrade to phpMyAdmin 3.4.11.1 or 3.5.2.2 or newer or apply the patches listed below.

References

Thanks to Emanuel Bronshtein for reporting issues #2, #3 and #4.

Assigned CVE ids: CVE-2012-4345

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

The following commits have been made on the 3.4 branch to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Related

osv 3
github 2
openvas 8
debiancve 2
cvelist 2
ubuntucve 2
seebug 1
nessus 6
nvd 2
prion 2
freebsd 1
cve 2
fedora 3
osv
osv
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
2022-05-17 05:12:26
phpMyAdmin Multiple XSS Vulnerabilities
2022-05-17 05:25:11
phpMyAdmin-4.6.5.2-1.1 on GA media
2024-06-15 00:00:00
github
github
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
2022-05-17 05:12:26
phpMyAdmin Multiple XSS Vulnerabilities
2022-05-17 05:25:11
openvas
openvas
FreeBSD Ports: phpMyAdmin
2012-08-30 00:00:00
FreeBSD Ports: phpMyAdmin
2012-08-30 00:00:00
Fedora Update for phpMyAdmin FEDORA-2012-12031
2012-08-30 00:00:00
debiancve
debiancve
CVE-2012-4345
2012-08-21 23:55:01
CVE-2012-4579
2012-08-21 23:55:01
cvelist
cvelist
CVE-2012-4345
2012-08-21 23:00:00
CVE-2012-4579
2012-08-21 23:00:00
ubuntucve
ubuntucve
CVE-2012-4345
2012-08-21 00:00:00
CVE-2012-4579
2012-08-21 00:00:00
seebug
seebug
phpMyAdmin 3.4.x 倚δΈͺHTML注ε…₯漏洞
2012-08-21 00:00:00
nessus
nessus
FreeBSD : phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (db1d3340-e83b-11e1-999b-e0cb4e266481)
2012-08-17 00:00:00
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2012:1062-1)
2014-06-13 00:00:00
Fedora 17 : phpMyAdmin-3.5.2.2-1.fc17 (2012-12031)
2012-08-29 00:00:00
nvd
nvd
CVE-2012-4345
2012-08-21 23:55:01
CVE-2012-4579
2012-08-21 23:55:01
prion
prion
Cross site scripting
2012-08-21 23:55:00
Cross site scripting
2012-08-21 23:55:00
freebsd
freebsd
phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
2012-08-12 00:00:00
cve
cve
CVE-2012-4345
2012-08-21 23:55:01
CVE-2012-4579
2012-08-21 23:55:01
fedora
fedora
[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.2.2-1.fc17
2012-08-28 23:25:59
[SECURITY] Fedora 18 Update: phpMyAdmin-3.5.2.2-1.fc18
2012-09-17 23:52:42
[SECURITY] Fedora 16 Update: phpMyAdmin-3.5.2.2-1.fc16
2012-08-28 23:32:01

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

36.9%

JSON
Related for PHPMYADMIN:PMASA-2012-4
osv3github2openvas8debiancve2cvelist2ubuntucve2seebug1nessus6nvd2prion2freebsd1cve2fedora3