One Article Review

Home - The article:
Source Cyble
Identifier 8643734
Publication date 2025-01-28 09:37:55 (viewed: 2025-01-28 10:10:46)
Title phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities
Text phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities

Overview

phpMyAdmin, a popular web-based tool for managing MySQL and MariaDB databases, has recently released version 5.2.2, addressing multiple vulnerabilities that posed a medium-severity risk. This widely used tool is a staple for database administrators, offering strong features and ease of use. However, the vulnerabilities discovered could expose users to risks such as unauthorized actions, session hijacking, and data theft.

The update resolves two cross-site scripting (XSS) vulnerabilities (CVE-2025-24530 and CVE-2025-24529) and a potential issue in the glibc/iconv library (CVE-2024-2961). These vulnerabilities underline the importance of staying up to date with security patches to safeguard sensitive data and ensure secure database management.

According to the advisory:
Reported by: a security researcher identified as "bluebird."
Severity: Moderate.
Solution: users are encouraged to upgrade to version 5.2.2 or apply the patch.

Vulnerability Details

Three significant vulnerabilities were identified in phpMyAdmin versions prior to 5.2.2:

1. CVE-2025-24530: XSS in "Check Tables"
Description: This XSS vulnerability allows an attacker to exploit the "Check Tables" feature by crafting a malicious table name, which could result in malicious scripts being injected into the application.
Impact: Successful exploitation could lead to session hijacking, data theft, and unauthorized actions.
CWE ID: CWE-661 (Improper Neutralization of Input During Web Page Generation).
Fix: This issue was resolved through commit a45efd0eb9415240480adeefc587158c766bc4a0.

2. CVE-2025-24529: XSS in "Insert"
Description: This vulnerability involves the "Insert" functionality, which could be manipulated to execute malicious scripts.
Impact: Exploitation could compromise user accounts and sensitive data by injecting malicious code into user
Rating ★★★
Sent Yes
Tags Tool Vulnerability Threat Medical


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.