Summary
phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTTP response-splitting vulnerability and a local file-include vulnerability.
These issues can be leveraged to view or execute arbitrary local scripts, or to misrepresent how web content is served, cached, or interpreted. This could aid attacks that lure users into a false sense of trust. Other attacks are also possible.
Versions prior to phpMyAdmin 3.1.3.1 are vulnerable.
Solution
Vendor updates are available. Please see http://www.phpmyadmin.net for more information.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
- AWCM CMS Multiple Remote File Include Vulnerabilities