Vulnerabilities > CVE-2005-3665 - Cross-Site Scripting vulnerability in PHPMyAdmin
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_004.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin). Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above. last seen 2019-10-28 modified 2006-01-29 plugin id 20820 published 2006-01-29 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20820 title SUSE-SA:2006:004: phpMyAdmin NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200512-03.NASL description The remote host is affected by the vulnerability described in GLSA-200512-03 (phpMyAdmin: Multiple vulnerabilities) Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8). Impact : A remote attacker may exploit these vulnerabilities by sending malicious requests, causing the execution of arbitrary code with the rights of the user running the web server. The cross-site scripting issues allow a remote attacker to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially allowing unauthorized access to phpMyAdmin. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20312 published 2005-12-15 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20312 title GLSA-200512-03 : phpMyAdmin: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1207.NASL description The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. - CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. - CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. - CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. - CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable. last seen 2020-06-01 modified 2020-06-02 plugin id 23656 published 2006-11-20 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23656 title Debian DSA-1207-2 : phpmyadmin - several vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_59ADA6E5676A11DA99F600123FFE8333.NASL description A phpMyAdmin security advisory reports : It was possible to conduct an XSS attack via the HTTP_HOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS. last seen 2020-06-01 modified 2020-06-02 plugin id 21432 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21432 title FreeBSD : phpmyadmin -- XSS vulnerabilities (59ada6e5-676a-11da-99f6-00123ffe8333)
References
- http://secunia.com/advisories/17895
- http://secunia.com/advisories/17957
- http://secunia.com/advisories/18618
- http://secunia.com/advisories/22781
- http://www.debian.org/security/2006/dsa-1207
- http://www.gentoo.org/security/en/glsa/glsa-200512-03.xml
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8
- http://www.securityfocus.com/archive/1/423142/100/0/threaded
- http://www.securityfocus.com/bid/15735
- http://www.vupen.com/english/advisories/2005/2772