Vigil@nce - phpMyAdmin: seven vulnerabilities
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin.
Severity: 2/4.
Creation date: 24/01/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in phpMyAdmin.
An attacker can deceive the user via Request Path, in order to
redirect him to a malicious site. [severity:1/4; PMASA-2017-1]
An attacker can use a vulnerability via php-gettext, in order to
run code. [severity:2/4; CVE-2015-8980, PMASA-2017-2]
An attacker can trigger a fatal error via Table Editing, in order
to trigger a denial of service. [severity:2/4; PMASA-2017-3]
An attacker can alter displayed information via CSS Injection, in
order to deceive the victim. [severity:2/4; PMASA-2017-4]
An attacker can alter Cookies. [severity:2/4; PMASA-2017-5]
An attacker can bypass security features via Connect, in order to
escalate his privileges. [severity:1/4; PMASA-2017-6]
An attacker can trigger a fatal error via Replication Status, in
order to trigger a denial of service. [severity:2/4; PMASA-2017-7]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/phpMyAdmin-seven-vulnerabilities-21658