Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5733

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.

Published

2016-07-03T01:59:23.613

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.2	Yes
Application	phpmyadmin	phpmyadmin	4.0.3	Yes
Application	phpmyadmin	phpmyadmin	4.0.4	Yes
Application	phpmyadmin	phpmyadmin	4.0.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.4.2	Yes
Application	phpmyadmin	phpmyadmin	4.0.5	Yes
Application	phpmyadmin	phpmyadmin	4.0.6	Yes
Application	phpmyadmin	phpmyadmin	4.0.7	Yes
Application	phpmyadmin	phpmyadmin	4.0.8	Yes
Application	phpmyadmin	phpmyadmin	4.0.9	Yes
Application	phpmyadmin	phpmyadmin	4.0.10	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.2	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.3	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.4	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.5	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.6	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.7	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.8	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.9	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.10	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.11	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.12	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.13	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.14	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.15	Yes
Application	phpmyadmin	phpmyadmin	4.4.0	Yes
Application	phpmyadmin	phpmyadmin	4.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.1.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.2	Yes
Application	phpmyadmin	phpmyadmin	4.4.3	Yes
Application	phpmyadmin	phpmyadmin	4.4.4	Yes
Application	phpmyadmin	phpmyadmin	4.4.5	Yes
Application	phpmyadmin	phpmyadmin	4.4.6	Yes
Application	phpmyadmin	phpmyadmin	4.4.6.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.7	Yes
Application	phpmyadmin	phpmyadmin	4.4.8	Yes
Application	phpmyadmin	phpmyadmin	4.4.9	Yes
Application	phpmyadmin	phpmyadmin	4.4.10	Yes
Application	phpmyadmin	phpmyadmin	4.4.11	Yes
Application	phpmyadmin	phpmyadmin	4.4.12	Yes
Application	phpmyadmin	phpmyadmin	4.4.13	Yes
Application	phpmyadmin	phpmyadmin	4.4.13.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.14.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.15	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.2	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.3	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.4	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.5	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.6	Yes
Operating System	opensuse	leap	42.1	Yes
Operating System	opensuse	opensuse	13.1	Yes
Operating System	opensuse	opensuse	13.2	Yes
Application	phpmyadmin	phpmyadmin	4.6.0	Yes
Application	phpmyadmin	phpmyadmin	4.6.0	Yes
Application	phpmyadmin	phpmyadmin	4.6.0	Yes
Application	phpmyadmin	phpmyadmin	4.6.0	Yes
Application	phpmyadmin	phpmyadmin	4.6.1	Yes
Application	phpmyadmin	phpmyadmin	4.6.2	Yes

References

http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html ([email protected])
http://www.debian.org/security/2016/dsa-3627 ([email protected])
http://www.securityfocus.com/bid/91390 ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88 Patch ([email protected])
https://security.gentoo.org/glsa/201701-32 ([email protected])
https://www.phpmyadmin.net/security/PMASA-2016-26/ Patch, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3627 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91390 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-32 (af854a3a-2127-422b-91ae-364da2661108)
https://www.phpmyadmin.net/security/PMASA-2016-26/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)