CVE-2004-1055

Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
Vulnerable Configurations
Nessus
NASL family: CGI abuses : XSS
NASL id: PHPMYADMIN_XSS.NASL
description: The version of phpMyAdmin installed on the remote host is vulnerable to cross-site scripting attacks through various parameters and scripts. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15770
published: 2004-11-19
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15770
title: phpMyAdmin < 2.6.0-pl3 Multiple XSS
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(15770);
      script_version("1.22");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

      script_cve_id("CVE-2004-1055");
      script_bugtraq_id(11707);

      script_name(english:"phpMyAdmin < 2.6.0-pl3 Multiple XSS");
      script_summary(english:"Checks the version of phpMyAdmin");

      script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP script that is susceptible to cross-site scripting attacks." );
      script_set_attribute(attribute:"description", value: "The version of phpMyAdmin installed on the remote host is vulnerable to cross-site scripting attacks through various parameters and scripts. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity." );
      # http://web.archive.org/web/20070812185201/http://www.netvigilance.com/html/advisory0005.htm
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72408672" );
      script_set_attribute(attribute:"see_also", value:"http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3" );
      script_set_attribute(attribute:"solution", value: "Upgrade to phpMyAdmin version 2.6.0-pl3 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

      script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/19");
      script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/18");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
      script_family(english:"CGI abuses : XSS");
      script_dependencie("phpMyAdmin_detect.nasl");
      script_exclude_keys("Settings/disable_cgi_scanning");
      script_require_ports("Services/www", 80);
      script_require_keys("www/phpMyAdmin", "www/PHP");
      exit(0);
    }

    # Check starts here
    include("http_func.inc");

    port = get_http_port(default:80, embedded:TRUE);
    if(!get_port_state(port))exit(0);
    if (!can_host_php(port:port) ) exit(0);

    # Check an install.
    install = get_kb_item(string("www/", port, "/phpMyAdmin"));
    if (isnull(install)) exit(0);
    matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
    if (!isnull(matches))
    {
      ver = matches[1];
      if ( ereg(pattern:"^(2\.[0-5]\..*|2\.6\.0|2\.6\.0-pl[12]([^0-9]|$))", string:ver))
      {
        security_warning(port);
        set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
      }
    }

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200411-36.NASL
description: The remote host is affected by the vulnerability described in GLSA-200411-36 (phpMyAdmin: Multiple XSS vulnerabilities) Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri parameter, the zero_rows parameter in read_dump.php, the confirm form, or an error message generated by the internal phpMyAdmin parser. Impact : By sending a specially crafted request, an attacker can inject and execute malicious script code, potentially compromising the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15840
published: 2004-11-27
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/15840
title: GLSA-200411-36 : phpMyAdmin: Multiple XSS vulnerabilities
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200411-36.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(15840);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:42");

      script_cve_id("CVE-2004-1055");
      script_xref(name:"GLSA", value:"200411-36");

      script_name(english:"GLSA-200411-36 : phpMyAdmin: Multiple XSS vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." );
      script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200411-36 (phpMyAdmin: Multiple XSS vulnerabilities) Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri parameter, the zero_rows parameter in read_dump.php, the confirm form, or an error message generated by the internal phpMyAdmin parser. Impact : By sending a specially crafted request, an attacker can inject and execute malicious script code, potentially compromising the victim's browser. Workaround : There is no known workaround at this time." );
      # http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
      script_set_attribute( attribute:"see_also", value:"https://www.phpmyadmin.net/security/PMASA-2004-3/" );
      script_set_attribute( attribute:"see_also", value:"http://www.netvigilance.com/html/advisory0005.htm" );
      script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200411-36" );
      script_set_attribute( attribute:"solution", value: "All phpMyAdmin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.6.0_p3'" );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:phpmyadmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/27");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"dev-db/phpmyadmin", unaffected:make_list("ge 2.6.0_p3"), vulnerable:make_list("lt 2.6.0_p3"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
    }