Vulnerability Name: CVE-2012-4579 (CCN-78058) Assigned: 2012-08-17 Published: 2012-08-17 Updated: 2012-08-22 Summary: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345 . CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-79 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2012-4579 phpMyAdmin Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages. http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php phpMyAdmin Multiple HTML Injection Vulnerabilities CVE-2012-4345 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4) phpmyadmin-database-tablename-xss(78058) Vulnerable Configuration: Configuration 1 :cpe:/a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:phpmyadmin:phpmyadmin:3.4.0:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.3:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.4:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.1:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.5:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.8:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.9:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.10:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.0:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.1:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:* OR cpe:/a:phpmyadmin:phpmyadmin:3.4.11:*:*:*:*:*:*:* Oval Definitions BACK
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.2.0
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.4.0
phpmyadmin phpmyadmin 3.4.3
phpmyadmin phpmyadmin 3.4.4
phpmyadmin phpmyadmin 3.4.1
phpmyadmin phpmyadmin 3.4.5
phpmyadmin phpmyadmin 3.4.6
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.8
phpmyadmin phpmyadmin 3.4.9
phpmyadmin phpmyadmin 3.4.10
phpmyadmin phpmyadmin 3.5.0
phpmyadmin phpmyadmin 3.5.1
phpmyadmin phpmyadmin 3.5.2
phpmyadmin phpmyadmin 3.4.7
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.4.11
Denotes that component is vulnerable