Vulnerabilities > CVE-2007-1325 - Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
phpmyadmin
nessus

Summary

The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. This vulnerability is addressed in the following product update: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_PHPMYADMIN-3990.NASL
    descriptionMultiple bugs in phpMyAdmin could lead to cross-site-scripting (XSS) attacks, injection of JavaScript code or to crashing the php interpreter. (CVE-2007-1325,PMASA-2007-1,PMASA-2007-2,PMASA-2007-3,PMASA- 2007-4)
    last seen2020-06-01
    modified2020-06-02
    plugin id27397
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27397
    titleopenSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-3990)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1370.NASL
    descriptionSeveral remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1325 The PMA_ArrayWalkRecursive function in libraries/common.lib.php does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. This issue affects only the stable distribution (Etch). - CVE-2007-1395 Incomplete blacklist vulnerability in index.php allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. This issue affects only the stable distribution (Etch). - CVE-2007-2245 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. - CVE-2006-6942 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. This issue affects only the oldstable distribution (Sarge). - CVE-2006-6944 phpMyAdmin allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. This issue affects only the oldstable distribution (Sarge).
    last seen2020-06-01
    modified2020-06-02
    plugin id26031
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26031
    titleDebian DSA-1370-1 : phpmyadmin - several vulnerabilities