phpMyAdmin 4.0.2 Cross Site Scripting

2013.07.05
Credit: Maxim Rupp
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2013-3742
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View page. Description When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation factor This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form. Affected Versions Versions 4.0.x are affected. Solution Upgrade to phpMyAdmin 4.0.3 or newer, or apply the patch listed below. References Thanks to Maxim Rupp for reporting this issue. Assigned CVE ids: CVE-2013-3742 CWE ids: CWE-661 CWE-79 view_create.php @@ -114,7 +114,8 @@ $response->addJSON( 'message', PMA_Message::error( - "<i>$sql_query</i><br /><br />" . PMA_DBI_getError() + "<i>" . htmlspecialchars($sql_query) . "</i><br /><br />" + . PMA_DBI_getError() ) ); $response->isSuccess(false);

References:

https://github.com/phpmyadmin/phpmyadmin/commit/9b3551601ce714adb5e3f428476052f0ec6093bf


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top