USN-4639-1: phpMyAdmin vulnerabilities

U

Ubuntu security notices

Guest
It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. (CVE-2018-19968) It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. (CVE-2018-19970) It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. (CVE-2018-7260) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. (CVE-2019-11768) It was discovered that phpmyadmin incorrectly handled some requests. An attacker could possibly use this to perform a CSRF attack. (CVE-2019-12616) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. (CVE-2019-6798, CVE-2020-10804, CVE-2020-5504) It was discovered that phpMyAdmin would allow sensitive files to be leaked if certain configuration options were set. An attacker could use this vulnerability to access confidential information. (CVE-2019-6799) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database or table name. (CVE-2020-10802) It was discovered that phpMyAdmin did not properly handle data from the database when displaying it. If an attacker were to insert specially- crafted data into certain database tables, the attacker could execute a cross-site scripting (XSS) attack. (CVE-2020-10803) It was discovered that phpMyAdmin was vulnerable to an XSS attack. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the victim's system. (CVE-2020-26934) It was discovered that phpMyAdmin did not properly handler certain SQL statements in the search feature. An attacker could use this vulnerability to inject malicious SQL into a query. (CVE-2020-26935)

Continue reading...
 
Top