TYPO3 phpMyAdmin Extension Multiple Vulnerabilities


Description   Multiple vulnerabilities have been reported in the phpMyAdmin extension for TYPO3. Malicious users can exploit them to disclose certain sensitive information, conduct script insertion attacks, and cause a DoS (Denial of Service); malicious people can exploit them to conduct cross-site scripting attacks.
For more information:
SA59820 (#1, #3, #4)
SA60454 (#1)
The vulnerabilities are reported in versions prior to 4.18.5.
     
Vulnerable Products   Vulnerable Software:
phpMyAdmin (phpmyadmin) Extension for TYPO3 4.x
     
Solution   Update to version 4.18.5.
     
CVE   CVE-2014-9218
CVE-2014-8959
CVE-2014-8958
     
References   TYPO3-EXT-SA-2014-018:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-018/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm: Misc : Local File Inclusion - suspicious /etc/passwd found in URL
Available Since: 3.5.0
     
 Risk level 
Low 

 Vulnerability First Public Report Date 
2014-12-09 

 Target Type 
Server 

 Possible exploit 
Remote