WordPress Portable PhpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Portable phpMyAdmin Plugin and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to gain sensitive information. Impact Level: Application

Solution

Upgrade to the WordPress Portable phpMyAdmin Plugin 1.3.1 or later, For updates refer to http://wordpress.org/extend/plugins/portable-phpmyadmin/

Insight

The plugin fails to verify an existing WordPress session when accessing the plugin file path directly. An attacker can get a full phpMyAdmin console with the privilege level of the MySQL configuration of WordPress by accessing 'wp-content/plugins/portable-phpmyadmin/wp-pma-mod'.

Affected

WordPress Portable phpMyAdmin plugin version 1.3.0

References

http://osvdb.org/88391
http://packetstormsecurity.org/files/118805/WordPress-portable-phpMyAdmin-1.3.0-Authentication-Bypass.html
http://seclists.org/bugtraq/2012/Dec/91
http://secunia.com/advisories/51520/
http://www.exploit-db.com/exploits/23356/
http://xforce.iss.net/xforce/xfdb/80654

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5469

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A-A-S Application Access Server Multiple Vulnerabilities
artmedic_links5 File Inclusion Vulnerability
'research_display.php' SQL Injection Vulnerability
A-Blog 'sources/search.php' SQL Injection Vulnerability
A Really Simple Chat Multiple SQL Injection Vulnerabilities

WordPress Portable phpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability

Take action and discover your vulnerabilities