Vulnerability CVE-2011-4780

Vulnerability Name:

CVE-2011-4780 (CCN-72077)

Assigned:

2011-12-21

Published:

2011-12-21

Updated:

2012-11-06

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

CVSS v3 Severity:

2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2011-4780

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-17370

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-17369

Source: CONFIRM
Type: Exploit, Patch
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=bd3735ba584e7a49aee78813845245354b061f61

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:198

Source: CCN
Type: OSVDB ID: 78036
phpMyAdmin libraries/display_export.lib.php Multiple Export Panel URL Parameter XSS

Source: CCN
Type: phpMyAdmin Web Site
phpMyAdmin

Source: CCN
Type: PMASA-2011-20
XSS in export

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php

Source: BID
Type: UNKNOWN
51226

Source: CCN
Type: BID-51226
phpMyAdmin Prior to 3.4.9 Multiple Cross Site Scripting Vulnerabilities

Source: XF
Type: UNKNOWN
phpmyadmin-displayexportlib-xss(72077)

Vulnerable Configuration:

Configuration 1:

cpe:/a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.6.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.7.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.4.8.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:phpmyadmin:phpmyadmin:3.4.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20114780	V	CVE-2011-4780	2022-06-30
oval:org.opensuse.security:def:113141	P	phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106569	P	phpMyAdmin-4.6.5.2-1.1 on GA media (Moderate)	2021-10-01
oval:com.ubuntu.precise:def:20114780000	V	CVE-2011-4780 on Ubuntu 12.04 LTS (precise) - medium.	2011-12-22
oval:com.ubuntu.trusty:def:20114780000	V	CVE-2011-4780 on Ubuntu 14.04 LTS (trusty) - medium.	2011-12-22

BACK