fkie_cve-2016-5733
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:54
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3627
cve@mitre.orghttp://www.securityfocus.com/bid/91390
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5aPatch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436cPatch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8bPatch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefcPatch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88Patch
cve@mitre.orghttps://security.gentoo.org/glsa/201701-32
cve@mitre.orghttps://www.phpmyadmin.net/security/PMASA-2016-26/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3627
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91390
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5aPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436cPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8bPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefcPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88Patch
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201701-32
af854a3a-2127-422b-91ae-364da2661108https://www.phpmyadmin.net/security/PMASA-2016-26/Patch, Vendor Advisory
Impacted products
Vendor Product Version
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.15.6
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F06DC95-76B1-4E24-A55F-1358A25ED0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA76CB4-6167-446A-8D4F-6D5B38046334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D28655-7F37-474D-A4E2-772AF24B94E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA1951E-BD85-42BF-BF7F-79A14D165914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D08BEE8-5ACF-438D-9F06-86C6227C9A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58DD0910-DBBA-4858-B9B1-FA93D08323D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50DA8EBE-52AA-45A5-A5FB-75AF84E415E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8D93A3-8997-4EB9-A411-74B296D1341F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0245AF2D-F856-4CAA-A830-36D43026D1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69E253E-157D-45BA-A977-079A49F74A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6325E2AE-BB86-4953-AA9E-0433C00B096E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C54B828-8B23-4C62-907E-8EE7E757B721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DD18C8-172B-41CD-87DD-58BDEC0D9418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10666E30-D98A-47A9-881A-B281066F0EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3993826B-CA66-4BC2-8E1B-06CF9230B214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14928F51-761E-4FCA-B13C-A11530C7FC46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB761644-20F5-4E0D-B301-7809EAECA813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "896439D0-6C98-44A6-8C9D-0D57D57782D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "978B828C-1FCB-4386-B685-5BEE5A8A500C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A3261B-23BE-42D7-8A52-AE2E8C274A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B7EA51-27EC-4884-8D60-FB9477D2B91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F85FEC-427E-487D-997E-7EE359475876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C825978-7E00-4C20-A806-0B968AA589AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "34986C36-1C93-4DA8-A4C2-0CB8B24BAD3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD0228-728B-437A-84C1-BD7AFA52FFB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF55485-9892-4E7B-AEE0-017E61EAA7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6100FE3E-0A31-4B55-90F2-90AF765A8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E06B1D3-29B4-45B7-B81F-C864AF579011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2E3923-0E2B-411A-B091-088E6FF050D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1848C748-804D-4FE4-AB9C-B1BF9E58A19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "12296322-DFAD-4B36-83EC-D01BF5DF7F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA321C14-C8F4-41FC-B601-2F646064ABBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DBCF86-0CE8-46C4-B2E7-E3224765CCFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF3DBC5-7020-48D0-ADEA-E71776DB2285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "317F952E-5F12-4ED3-8FA3-FC1106B50F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B97F98-C0A7-4D9E-8333-7EE9EC456A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1E753D-5653-4D7A-8E41-6C02511EBFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "417230C7-0EC2-49F4-B810-A8AE84A302AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "103FEAB1-194E-4CEF-935A-4DBCCA298205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5814003-9FF8-4F8E-9D90-A2BBB80B8451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D28B77-9353-4259-9299-30638A78CCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C022292B-6E06-4328-842F-135A872D22AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F15F00FB-BB9B-4D54-B198-0A74D418B8DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC10AF20-7B65-4FAE-A2AD-783867D60A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED20D9-C571-4BC5-9A54-450A364C6E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C641F362-D37D-47CB-BE6C-36E5F116F844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A0EA8819-70F8-48DC-8667-6CF25E7D9C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DD2796DA-3E74-4765-90D1-783849C7A44C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4024DA77-BFE4-48C6-A2AF-46003071BDE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85631B69-7060-42D1-AE24-466BA10EB390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62EDC79-47AA-4CED-AB7F-1E4D158EB653",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con (1)un nombre de tabla manipulado que es manejado incorrectamente durante la comprobaci\u00f3n de privilegios en table_row.phtml, (2) una directiva mysqld log_bin manipulada que es manejada incorrectamente en log_selector.phtml, (3) la implementaci\u00f3n de Transformation, (4) manejo del error AJAX en js/ajax.js, (5) la implementaci\u00f3n de Designer, (6) la implementaci\u00f3n de gr\u00e1ficos en js/tbl_chart.js o (7) la implementaci\u00f3n de b\u00fasqueda de zoom en rows_zoom.phtml."
    }
  ],
  "id": "CVE-2016-5733",
  "lastModified": "2024-11-21T02:54:55.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-03T01:59:23.613",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/91390"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201701-32"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.phpmyadmin.net/security/PMASA-2016-26/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201701-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.phpmyadmin.net/security/PMASA-2016-26/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.