Vulnerabilities > CVE-2005-2869 - Unspecified vulnerability in PHPmyadmin
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
Vulnerable Configurations
Exploit-Db
| description | PHPMyAdmin 2.x Error.PHP Cross-Site Scripting Vulnerability. CVE-2005-2869. Webapps exploit for php platform |
| id | EDB-ID:26199 |
| last seen | 2016-02-03 |
| modified | 2005-08-28 |
| published | 2005-08-28 |
| reporter | Michal Cihar |
| source | https://www.exploit-db.com/download/26199/ |
| title | PHPMyAdmin 2.x Error.PHP Cross-Site Scripting Vulnerability |
Nessus
NASL family CGI abuses : XSS NASL id PHPMYADMIN_264.NASL description According to its banner, the version of phpMyAdmin installed on the remote host may suffer from two cross-site scripting vulnerabilities due to its failure to sanitize user input to the last seen 2020-06-01 modified 2020-06-02 plugin id 19519 published 2005-08-29 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19519 title phpMyAdmin < 2.6.4 Multiple XSS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19519); script_version("1.18"); script_cvs_date("Date: 2018/07/24 18:56:11"); script_cve_id("CVE-2005-2869"); script_bugtraq_id(14674, 14675); script_name(english:"phpMyAdmin < 2.6.4 Multiple XSS"); script_summary(english:"Checks for multiple cross-site scripting vulnerabilities in phpMyAdmin < 2.6.4"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by cross-site scripting vulnerabilities." ); script_set_attribute(attribute:"description", value: "According to its banner, the version of phpMyAdmin installed on the remote host may suffer from two cross-site scripting vulnerabilities due to its failure to sanitize user input to the 'error' parameter of the 'error.php' script and in 'libraries/auth/cookie.auth.lib.php'. A remote attacker may use these vulnerabilities to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected application." ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e8e06c0" ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f133bb25" ); script_set_attribute(attribute:"solution", value:"Upgrade to phpMyAdmin 2.6.4-rc1 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/29"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/07/19"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses : XSS"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencie("phpMyAdmin_detect.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/phpMyAdmin", "www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80, php:TRUE); # Test an install. install = get_kb_item(string("www/", port, "/phpMyAdmin")); if (isnull(install)) exit(0); matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$"); if (!isnull(matches)) { ver = matches[1]; if (ver =~ "^([01]\.|2\.([0-5]\.|6\.[0-3]))") { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); } }NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_066.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:066 (phpMyAdmin). The MySQL configuration frontend phpMyAdmin was updated to fix the following security problems which can be remotely exploited: - Multiple cross-site scripting (XSS) bugs (CVE-2005-3301, CVE-2005-2869, PMASA-2005-5). - Multiple file inclusion vulnerabilities that allowed an attacker to include arbitrary files (CVE-2005-3300, CVE-2005-3301, PMASA-2005-5). last seen 2019-10-28 modified 2005-11-21 plugin id 20240 published 2005-11-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20240 title SUSE-SA:2005:066: phpMyAdmin NASL family Debian Local Security Checks NASL id DEBIAN_DSA-880.NASL description Several cross-site scripting vulnerabilities have been discovered in phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2869 Andreas Kerber and Michal Cihar discovered several cross-site scripting vulnerabilities in the error page and in the cookie login. - CVE-2005-3300 Stefan Esser discovered missing safety checks in grab_globals.php that could allow an attacker to induce phpmyadmin to include an arbitrary local file. - CVE-2005-3301 Tobias Klein discovered several cross-site scripting vulnerabilities that could allow attackers to inject arbitrary HTML or client-side scripting. The version in the old stable distribution (woody) has probably its own flaws and is not easily fixable without a full audit and patch session. The easier way is to upgrade it from woody to sarge. last seen 2020-06-01 modified 2020-06-02 plugin id 22746 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22746 title Debian DSA-880-1 : phpmyadmin - several vulnerabilities
References
- http://secunia.com/advisories/16605
- http://secunia.com/advisories/17337
- http://secunia.com/advisories/17559
- http://secunia.com/advisories/17607
- http://sourceforge.net/tracker/index.php?func=detail&aid=1240880&group_id=23067&atid=377408
- http://sourceforge.net/tracker/index.php?func=detail&aid=1265740&group_id=23067&atid=377408
- http://www.debian.org/security/2005/dsa-880
- http://www.novell.com/linux/security/advisories/2005_28_sr.html
- http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html