Multiple vulnerabilities in phpMyAdmin

2005.11.15
Credit: Toni Koivunen
Risk: Low
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

===============================================================================
_________________________________________
Security Advisory
_________________________________________
http://www.fitsec.com/advisories/FS-05-02.txt
_________________________________________

Severity: Low/Medium
Title: Multiple vulnerabilities in phpMyAdmin
Date: 12.11.2005
ID: FS-05-02
Author: Toni Koivunen (toni.koivunen (at) fitsec.com)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Background:
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields.

Affected versions:
At least 2.7.0-beta1, most likely other versions also.

Description:

Vuln 1:
Full Path Disclosures in the following files:

libraries/string.lib.php
libraries/storage_engines.lib.php
libraries/sqlparser.lib.php
libraries/sql_query_form.lib.php
libraries/select_theme.lib.php
libraries/select_lang.lib.php
libraries/relation_cleanup.lib.php
libraries/left_header.inc.php
libraries/import.lib.php
libraries/header_meta_style.inc.php
libraries/grab_globals.lib.php
libraries/get_foreign.lib.php
  (get_foreign.lib.php?field=foo&foreigners[foo]=foo)
libraries/display_tbl_links.lib.php
  (display_tbl_links.lib.php?doWriteModifyAt=left&edit_url=foo)
libraries/display_import.lib.php
libraries/display_export.lib.php
libraries/display_create_table.lib.php
libraries/display_create_database.lib.php
libraries/db_table_exists.lib.php
libraries/database_interface.lib.php
libraries/common.lib.php
libraries/check_user_privileges.lib.php
libraries/charset_conversion.lib.php
  (charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=true&allow_recoding=true)
libraries/sqlvalidator.lib.php
  (libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE)
libraries/import/sql.php
libraries/fpdf/ufpdf.php
libraries/auth/cookie.auth.lib.php
  (libraries/auth/cookie.auth.lib.php?coming_from_common=true)

Vuln 2:
HTTP Response Splitting in libraries/header_http.inc.php
The script doesn't check for direct access. If register_globals is on, it is
possible for a remote attacker to cause HTTP response splitting.

Impact:
A remote attacker could exploit this to learn installation paths on the server.
The HTTP Response splitting vulnerability can lead to user compromise amongst
other things.

Status:
12.11.2005 Vulnerabilities found

Acknowledgements:
To the community at dievo.org, keep it up :)
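An added example, not code from phpMyAdmin or from the advisory, of a direct-access guard and a header-value check relevant to Vuln 2. The names APP_ENTRY, require_entry_point() and header_line() and the sample values are hypothetical.

```php
<?php
// Added example, not phpMyAdmin code. APP_ENTRY, require_entry_point(),
// header_line() and the sample values are hypothetical names.

// Library files call this first. The entry script defines APP_ENTRY before
// including them; a constant cannot be set from the request, so the check
// holds even when register_globals turns request parameters into variables.
function require_entry_point(): void
{
    if (!defined('APP_ENTRY')) {
        http_response_code(403);   // no PHP error text, so no path is shown
        exit;
    }
}

// Build one header line and refuse any value that carries CR, LF or NUL,
// the characters that would start a second header or a second response.
function header_line(string $name, string $value): string
{
    if (!preg_match('/^[A-Za-z0-9-]+$/', $name)) {
        throw new InvalidArgumentException('bad header name');
    }
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $name . ': ' . $value;
}

// Constructed demonstration, run from the command line: php example.php
define('APP_ENTRY', true);         // done by the entry script in real use
require_entry_point();

$samples = [
    'text/html; charset=utf-8',    // normal value
    "utf-8\r\nX-Injected: 1",      // constructed value containing CR LF
];
foreach ($samples as $value) {
    try {
        echo header_line('Content-Type', $value), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The first sample prints as a normal header line and the second is rejected. Setting display_errors to Off in the production php.ini keeps error text, and with it the installation path, out of responses for any file that still lacks the guard.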

