Bringing MySQL to the web

PMASA-2010-5

Announcement-ID: PMASA-2010-5

Date: 2010-08-20

Summary

Several XSS vulnerabilities were found in the code.

Description

It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages.

Severity

We consider this vulnerability to be serious.

Mitigation factor

If the auth_type directive is set to 'config' and the directory is not protected, these attacks are more likely to succeed; otherwise, an attacker would need to obtain a valid token via another flaw on the server to be able to exploit these vulnerabilities.

Affected Versions

For 2.11.x: versions before 2.11.10.1 are affected.<br /> For 3.x: versions before 3.3.5.1 are affected.

Solution

Upgrade to phpMyAdmin 3.3.5.1 or 2.11.10.1 or newer or apply patch listed below.

References

Thanks to Aung Khant from YGN Ethical Hacker Group, Myanmar for reporting this issue. See their advisory for more details. After this report the team did audit the code as well and discovered more issues which are fixed as well.

Assigned CVE ids: CVE-2010-3056

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

The following commits have been made on the 2.11 branch to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.