Vulnerability Name: CVE-2012-4579 (CCN-78058)
Assigned: 2012-08-17
Published: 2012-08-17
Updated: 2012-08-22

Summary: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-4579

Source: CCN
Type: phpMyAdmin Web Site
phpMyAdmin

Source: CCN
Type: PMASA-2012-4
Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php

Source: CCN
Type: BID-55068
phpMyAdmin Multiple HTML Injection Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 849008
CVE-2012-4345 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4)

Source: XF
Type: UNKNOWN
phpmyadmin-database-tablename-xss(78058)

Vulnerable Configuration:

Configuration 1:
cpe:/a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:phpmyadmin:phpmyadmin:3.4.0:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.3:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.4:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.1:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.5:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.8:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.9:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.10:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.0:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.1:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.2:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:* OR
cpe:/a:phpmyadmin:phpmyadmin:3.4.11:*:*:*:*:*:*:*

phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.2.0
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.4.0
phpmyadmin phpmyadmin 3.4.3
phpmyadmin phpmyadmin 3.4.4
phpmyadmin phpmyadmin 3.4.1
phpmyadmin phpmyadmin 3.4.5
phpmyadmin phpmyadmin 3.4.6
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.8
phpmyadmin phpmyadmin 3.4.9
phpmyadmin phpmyadmin 3.4.10
phpmyadmin phpmyadmin 3.5.0
phpmyadmin phpmyadmin 3.5.1
phpmyadmin phpmyadmin 3.5.2
phpmyadmin phpmyadmin 3.4.7
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.4.11