Summary
This host is running phpMyAdmin and is prone to multiple vulnerabilities.
Impact
Successful exploitation lets an attacker carry out XSS or directory traversal attacks, or inject malicious PHP code to obtain sensitive information about the remote host.
Solution
Upgrade to version 2.11.9.5 or 3.1.3.1
http://www.phpmyadmin.net/home_page/downloads.php
Workaround:
Update the existing PHP files from the SVN revisions below.
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12302
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12303
*****
Note: Ignore this warning if the files have already been replaced according to the fixed SVN revision numbers.
*****
Insight
Multiple flaws are due to:
- The BLOB streaming feature in 'bs_disp_as_mime_type.php' allows CRLF injection: an attacker can inject arbitrary data into the HTTP headers through the 'c_type' and 'file_type' parameters.
- An XSS vulnerability in 'display_export.lib.php', which does not sanitize the 'pma_db_filename_template' parameter.
- A static code injection vulnerability in 'setup.php', which can be used to inject PHP code.
- 'bs_disp_as_mime_type.php' does not sanitize user-supplied input in the filename variable, which allows directory traversal attacks.
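The two input-handling flaws above (unvalidated header values and an unvalidated filename) share the same defensive fix: reject control characters before a value reaches an HTTP header, and confine a user-supplied filename to its intended base directory. The following is an added, generic illustration of those checks, not phpMyAdmin's code; the parameter names and the base directory are constructed for the example.

```python
import html
import posixpath

HEADER_FORBIDDEN = "\r\n\0"  # CR, LF and NUL must never appear inside a header value


def safe_header_value(value: str) -> str:
    """Return value unchanged, or raise if it could terminate the header line.

    A CR/LF inside e.g. a Content-Type value lets the caller start a new header,
    which is the CRLF injection described for 'c_type' / 'file_type'.
    """
    if any(c in value for c in HEADER_FORBIDDEN):
        raise ValueError("control characters are not allowed in a header value")
    return value


def safe_path(base_dir: str, user_filename: str) -> str:
    """Join user_filename onto base_dir and refuse anything that escapes it.

    Uses POSIX path rules so the result is deterministic; base_dir is assumed absolute.
    """
    if "\0" in user_filename:
        raise ValueError("NUL byte in filename")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, user_filename))
    # '..' segments and absolute paths both collapse to something outside base here
    if candidate == base or not candidate.startswith(base + "/"):
        raise ValueError("filename escapes the base directory")
    return candidate


def safe_html_text(value: str) -> str:
    """Escape a value before it is echoed into an HTML page (the XSS case above)."""
    return html.escape(value, quote=True)


def rejects(func, *args) -> bool:
    """Helper for callers/tests: True if func raises ValueError on these arguments."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one with an embedded header break
    print(safe_header_value("text/plain"))
    print(rejects(safe_header_value, "text/plain\r\nX-Injected: 1"))
    print(safe_path("/var/www/blobs", "report.csv"))
    print(rejects(safe_path, "/var/www/blobs", "../../etc/passwd"))
```

Web frameworks hand the application already URL-decoded parameters, so these checks operate on the decoded value; applying them to the still-encoded query string would miss encoded dots and slashes.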
Affected
phpMyAdmin version 2.11.x to 2.11.9.4 and 3.0.x to 3.1.3
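A version-check routine of the kind a scanner plugin uses to decide whether this advisory applies, added here as an example (not the scanner's own code). It encodes the affected ranges and fixed versions exactly as stated above; the banner strings it parses are constructed for the example.

```python
import re

# (first affected, last affected, first fixed) per branch, as given in the advisory.
# Tuples compare element-wise, so (3, 1, 3, 1) sorts after (3, 1, 3).
AFFECTED_BRANCHES = [
    ((2, 11), (2, 11, 9, 4), "2.11.9.5"),
    ((3, 0), (3, 1, 3), "3.1.3.1"),
]


def parse_version(text: str) -> tuple:
    """Turn '2.11.9.4' (optionally followed by a suffix) into a tuple of ints."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def recommended_fix(version: str):
    """Return the fixed version for the branch this version falls in, or None if unaffected."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_BRANCHES:
        if low <= v <= high:
            return fixed
    return None


def is_affected(version: str) -> bool:
    return recommended_fix(version) is not None


def version_from_banner(banner: str):
    """Extract the version from a page title or footer such as 'phpMyAdmin 2.11.9.3'."""
    m = re.search(r"phpMyAdmin\s+v?(\d+(?:\.\d+)+)", banner)
    return m.group(1) if m else None


def scan(banners):
    """Map each constructed banner to (version, affected, fix) for reporting."""
    findings = []
    for b in banners:
        ver = version_from_banner(b)
        if ver is None:
            continue
        findings.append((ver, is_affected(ver), recommended_fix(ver)))
    return findings


if __name__ == "__main__":
    sample = ["<title>phpMyAdmin 2.11.9.3</title>", "phpMyAdmin 3.1.3.1", "phpMyAdmin 3.0.1"]
    for row in scan(sample):
        print(row)
```

The check is deliberately based on the stated ranges rather than on a list of known-bad strings, so a version such as 2.11.9.2 that the advisory never names explicitly is still flagged.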
References
Severity
Classification
CVE: CVE-2009-1148, CVE-2009-1149, CVE-2009-1150, CVE-2009-1151
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P