Vulnerabilities > CVE-2015-7873 - 7PK - Security Features vulnerability in PHPmyadmin

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
phpmyadmin
CWE-254
nessus

Summary

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_08D1113479C511E589876805CA0B3D42.NASL
    descriptionThe phpMyAdmin development team reports : This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin
    last seen2020-06-01
    modified2020-06-02
    plugin id86584
    published2015-10-26
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86584
    titleFreeBSD : phpMyAdmin -- Content spoofing vulnerability (08d11134-79c5-11e5-8987-6805ca0b3d42)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86584);
      script_version("2.3");
      script_cvs_date("Date: 2018/11/10 11:49:44");
    
      script_cve_id("CVE-2015-7873");
    
      script_name(english:"FreeBSD : phpMyAdmin -- Content spoofing vulnerability (08d11134-79c5-11e5-8987-6805ca0b3d42)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The phpMyAdmin development team reports :
    
    This vulnerability allows an attacker to perform a content spoofing
    attack using the phpMyAdmin's redirection mechanism to external sites.
    
    We consider this vulnerability to be non critical since the spoofed
    content is escaped and no HTML injection is possible."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.phpmyadmin.net/security/PMASA-2015-5/"
      );
      # https://vuxml.freebsd.org/freebsd/08d11134-79c5-11e5-8987-6805ca0b3d42.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?63d27bc6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:phpMyAdmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"phpMyAdmin>=4.4.0<4.4.15.1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"phpMyAdmin>=4.5.0<4.5.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-17908C56C1.NASL
    descriptionphpMyAdmin 4.5.1.0 (2015-10-23) =============================== - Invalid argument supplied for foreach() - array_key_exists() expects parameter 2 to be array - Notice Undefined index: drop_database - Server variable edition in ANSI_QUOTES sql_mode: losing current value - Propose table structure broken - phpMyAdmin suggests upgrading to newer version not usable on that system -
    last seen2020-06-05
    modified2016-03-04
    plugin id89157
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89157
    titleFedora 22 : php-udan11-sql-parser-3.0.4-1.fc22 / phpMyAdmin-4.5.1-1.fc22 (2015-17908c56c1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-17908c56c1.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89157);
      script_version("2.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-7873");
      script_xref(name:"FEDORA", value:"2015-17908c56c1");
    
      script_name(english:"Fedora 22 : php-udan11-sql-parser-3.0.4-1.fc22 / phpMyAdmin-4.5.1-1.fc22 (2015-17908c56c1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "phpMyAdmin 4.5.1.0 (2015-10-23) =============================== -
    Invalid argument supplied for foreach() - array_key_exists() expects
    parameter 2 to be array - Notice Undefined index: drop_database -
    Server variable edition in ANSI_QUOTES sql_mode: losing current value
    - Propose table structure broken - phpMyAdmin suggests upgrading to
    newer version not usable on that system - 'PMA_Microhistory' is
    undefined - Incorrect definition for getTablesWhenOpen() - Error when
    creating new user on MariaDB 10.0.21 - Notice on htmlspecialchars() -
    Notice in Structure page of views - AUTO_INCREMENT always exported
    when IF NOT EXISTS is on - Some partitions are missing in copied table
    - Notice of undefined variable when performing SHOW CREATE - Error
    exporting sql query results with table alias - SQL editing window does
    not recognise 'OUTER' keyword in 'LEFT OUTER JOIN' - 'NOT IN' clause
    not recognized (MySQL 5.6 and 5.7) - Yellow star does not change in
    database Structure after add/remove from favorites - Invalid SQL in
    table definition when exporting table - Foreign key to other
    database's tables fails - Bug while exporting results when a joined
    table field name is in SELECT query - Strange behavior on table rename
    - Rename table does not result in refresh in left panel - Missing
    arguments for PMA_Table::generateAlter() - Notices about undefined
    indexes on structure pages of information_schema tables
    
      - Change minimum PHP version for Composer - Import parser
        and backslash - 'Visualize GIS data' seems to be broken
        - Confirm box on 'Reset slave' option - Fix cookies
        clearing on version change - Cannot execute SQL with
        subquery - Incorrect syntax creating a user using
        mysql_native_password with MariaDB - Cannot use
        third-party auth plugins
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1275108"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169986.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5528164e"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6a6f8688"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected php-udan11-sql-parser and / or phpMyAdmin
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-udan11-sql-parser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:phpMyAdmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"php-udan11-sql-parser-3.0.4-1.fc22")) flag++;
    if (rpm_check(release:"FC22", reference:"phpMyAdmin-4.5.1-1.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-udan11-sql-parser / phpMyAdmin");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3382.NASL
    descriptionSeveral issues have been fixed in phpMyAdmin, the web administration tool for MySQL. - CVE-2014-8958 (Wheezy only) Multiple cross-site scripting (XSS) vulnerabilities. - CVE-2014-9218 (Wheezy only) Denial of service (resource consumption) via a long password. - CVE-2015-2206 Risk of BREACH attack due to reflected parameter. - CVE-2015-3902 XSRF/CSRF vulnerability in phpMyAdmin setup. - CVE-2015-3903 (Jessie only) Vulnerability allowing man-in-the-middle attack on API call to GitHub. - CVE-2015-6830 (Jessie only) Vulnerability that allows bypassing the reCaptcha test. - CVE-2015-7873 (Jessie only) Content spoofing vulnerability when redirecting user to an external site.
    last seen2020-06-01
    modified2020-06-02
    plugin id86665
    published2015-10-30
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86665
    titleDebian DSA-3382-1 : phpmyadmin - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3382. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86665);
      script_version("2.4");
      script_cvs_date("Date: 2018/11/10 11:49:37");
    
      script_cve_id("CVE-2014-8958", "CVE-2014-9218", "CVE-2015-2206", "CVE-2015-3902", "CVE-2015-3903", "CVE-2015-6830", "CVE-2015-7873");
      script_xref(name:"DSA", value:"3382");
    
      script_name(english:"Debian DSA-3382-1 : phpmyadmin - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several issues have been fixed in phpMyAdmin, the web administration
    tool for MySQL.
    
      - CVE-2014-8958 (Wheezy only)
        Multiple cross-site scripting (XSS) vulnerabilities.
    
      - CVE-2014-9218 (Wheezy only)
        Denial of service (resource consumption) via a long
        password.
    
      - CVE-2015-2206
        Risk of BREACH attack due to reflected parameter.
    
      - CVE-2015-3902
        XSRF/CSRF vulnerability in phpMyAdmin setup.
    
      - CVE-2015-3903 (Jessie only)
        Vulnerability allowing man-in-the-middle attack on API
        call to GitHub.
    
      - CVE-2015-6830 (Jessie only)
        Vulnerability that allows bypassing the reCaptcha test.
    
      - CVE-2015-7873 (Jessie only)
        Content spoofing vulnerability when redirecting user to
        an external site."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-8958"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-9218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-2206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-3902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-3903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-6830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-7873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/phpmyadmin"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/phpmyadmin"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3382"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the phpmyadmin packages.
    
    For the oldstable distribution (wheezy), these problems have been
    fixed in version 4:3.4.11.1-2+deb7u2.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 4:4.2.12-2+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:phpmyadmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"phpmyadmin", reference:"4:3.4.11.1-2+deb7u2")) flag++;
    if (deb_check(release:"8.0", prefix:"phpmyadmin", reference:"4:4.2.12-2+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-712.NASL
    descriptionphpMyAdmin was updated to fix one security issue. This security issue was fixed : - CVE-2015-7873: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allowed remote attackers to spoof content via the url parameter (bsc#951960).
    last seen2020-06-05
    modified2015-11-20
    plugin id86958
    published2015-11-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86958
    titleopenSUSE Security Update : phpMyAdmin (openSUSE-2015-712)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-712.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86958);
      script_version("2.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-7873");
    
      script_name(english:"openSUSE Security Update : phpMyAdmin (openSUSE-2015-712)");
      script_summary(english:"Check for the openSUSE-2015-712 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "phpMyAdmin was updated to fix one security issue.
    
    This security issue was fixed :
    
      - CVE-2015-7873: The redirection feature in url.php in
        phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1
        allowed remote attackers to spoof content via the url
        parameter (bsc#951960)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951960"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected phpMyAdmin package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:phpMyAdmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"phpMyAdmin-4.4.15.1-3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-5C06260C4B.NASL
    descriptionphpMyAdmin 4.5.1.0 (2015-10-23) =============================== - Invalid argument supplied for foreach() - array_key_exists() expects parameter 2 to be array - Notice Undefined index: drop_database - Server variable edition in ANSI_QUOTES sql_mode: losing current value - Propose table structure broken - phpMyAdmin suggests upgrading to newer version not usable on that system -
    last seen2020-06-05
    modified2016-03-04
    plugin id89250
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89250
    titleFedora 21 : php-udan11-sql-parser-3.0.4-1.fc21 / phpMyAdmin-4.5.1-1.fc21 (2015-5c06260c4b)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-710.NASL
    descriptionphpMyAdmin was updated to version 4.4.15.1 to fix one security issue. This security issue was fixed : - CVE-2015-7873: The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allowed remote attackers to spoof content via the url parameter (bsc#951960).
    last seen2020-06-05
    modified2015-11-09
    plugin id86801
    published2015-11-09
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86801
    titleopenSUSE Security Update : phpMyAdmin (openSUSE-2015-710)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-287C164DF5.NASL
    descriptionphpMyAdmin 4.5.1.0 (2015-10-23) =============================== - Invalid argument supplied for foreach() - array_key_exists() expects parameter 2 to be array - Notice Undefined index: drop_database - Server variable edition in ANSI_QUOTES sql_mode: losing current value - Propose table structure broken - phpMyAdmin suggests upgrading to newer version not usable on that system -
    last seen2020-06-05
    modified2016-03-04
    plugin id89184
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89184
    titleFedora 23 : php-udan11-sql-parser-3.0.4-1.fc23 / phpMyAdmin-4.5.1-1.fc23 (2015-287c164df5)