Cross-site scripting in phpMyAdmin - CVE-2011-2642

Detailed vulnerability description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted table name. Per: http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php 'The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name (the name containing Javascript code).' 'Mitigation factor The crafted table name must exist (the attacker must have access to create a table on the victim's server).&#039. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

How to mitigate CVE-2011-2642

Sources

• http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
• http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=4bd27166c314faa37cada91533b86377f4d4d214
• http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=a0823be05aa5835f207c0838b9cca67d2d9a050a
• http://secunia.com/advisories/45315
• http://secunia.com/advisories/45365
• http://secunia.com/advisories/45515
• http://www.debian.org/security/2011/dsa-2286
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
• http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
• http://www.securityfocus.com/bid/48874
• https://bugzilla.redhat.com/show_bug.cgi?id=725381
• https://exchange.xforce.ibmcloud.com/vulnerabilities/68750