[3.3] phpmyadmin: Multiple issues (CVE-2015-8669, CVE-2016-2038, CVE-2016-2039, CVE-2016-2040, ...)
CVE-2015-8669: Full path disclosure vulnerability
Affected Versions:
Versions 4.0.x (prior to 4.0.10.12), 4.4.x (prior to 4.4.15.2) and 4.5.x (prior to 4.5.3.1) are affected.
Upgrade to phpMyAdmin 4.0.10.12 or newer, 4.4.15.2 or newer, 4.5.3.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2015-6/
CVE-2016-2038: Multiple full path disclosure vulnerabilities.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-1/
CVE-2016-2039: Unsafe generation of XSRF/CSRF token.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-2/
CVE-2016-2040: Multiple XSS vulnerabilities.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-3/
CVE-2016-1927: Insecure password generation in JavaScript.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-4/
CVE-2016-2041: Unsafe comparison of XSRF/CSRF token.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-5/
CVE-2016-2042: Multiple full path disclosure vulnerabilities.
Affected Versions:
Versions 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-6/
CVE-2016-2043: XSS vulnerability in normalization page.
Affected Versions:
Versions 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-7/
CVE-2016-2044: Full path disclosure vulnerability in SQL parser.
Affected Versions:
Versions 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-8/
CVE-2016-2045: With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor.
Affected Versions:
Versions 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-9/
(from redmine: issue id 5066, created on 2016-02-04, closed on 2016-02-09)
- Relations:
  - parent #5065 (closed)
- Changesets:
  - Revision 6d8a809c on 2016-02-09T09:36:35Z:
    main/phpmyadmin: security upgrade to 4.5.4.1 (CVE-2015-8669). Fixes #5066