phpMyAdmin Multiple Vulnerabilities Fixed by 4.6.2 and 4.4.15.6


Description   (#Several vulnerabilities had been identified in phpMyAdmin:#- CVE-2016-5097: information disclosure. A remote attacker could exploit it by monitoring user query. This vulnerability is due to the presence of complete SQL query in the GET parameters##- CVE-2016-5098: directory traversal. A remote attacker could exploit it by intercepting and modifying the user's POST data in order to determine whether an arbitrary file exists on the file system and the size of that file##- CVE-2016-5099: cross-site scripting. An attacker could inject arbitrary HTML code.##Updated, 30/05/2015:#The phpmyadmin packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable (CVE-2016-5097, CVE-2016-5099).)
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD) - AllGNU/Linux (Debian) - 7, 8openSUSE (SUSE) - 13.1, 13.2, Leap 42.1Vulnerable Software:
PhpMyAdmin (PhpMyAdmin) -
     
Solution   Fixed phpmyadmin packages for Debian Jessie 8 are available (CVE-2016-5099).
     
CVE   CVE-2016-5099
CVE-2016-5098
CVE-2016-5097
     
References   - PMASA-2016-14 : Sensitive Data in URL GET Query Parameters
https://www.phpmyadmin.net/security/PMASA-2016-14/
- PMASA-2016-16 : Self XSS
https://www.phpmyadmin.net/security/PMASA-2016-16/
- VuXML : phpmyadmin -- XSS and sensitive data leakage
http://www.vuxml.org/freebsd/00ec1be1-22bb-11e6-9ead-6805ca0b3d42.html
- openSUSE-SU-2016:1434-1 : Security update for phpMyAdmin
https://lists.opensuse.org/opensuse-updates/2016-05/msg00119.html
- Debian Security Tracker : phpmyadmin
https://security-tracker.debian.org/tracker/CVE-2016-5097
https://security-tracker.debian.org/tracker/CVE-2016-5099
- openSUSE-SU-2016:1556-1 : Security update for phpMyAdmin
https://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html
- DSA 3627-1 : phpmyadmin security update
https://lists.debian.org/debian-security-announce/2016/msg00205.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-05-25 

 Target Type 
Client + Server 

 Possible exploit 
Remote