ASA-2018-00072 – phpMyAdmin: XSRF/CSRF vulnerability due to the application accepting parameters via GET



Allele Security Alert

ASA-2018-00072

Identifier(s)

ASA-2018-00072, CVE-2018-19969

Title

XSRF/CSRF vulnerability due to the application accepting parameters via GET

Vendor(s)

phpMyAdmin

Product(s)

phpMyAdmin

Affected version(s)

phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 are affected.

Fixed version(s)

phpMyAdmin 4.8.4

Proof of concept

Unknown

Description

By tricking a user into clicking a crafted URL, it is possible to execute harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/removing users, updating user passwords, killing SQL processes, etc.
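The fix commits listed below move state-changing parameters from $_REQUEST/$_GET to $_POST. As an added illustration that is not part of this alert or of phpMyAdmin's code, the following hypothetical PHP handler for one of the affected operations (killing a server process) shows the weak pattern beside a hardened form that accepts the action only over POST and checks a session-bound token. The function and parameter names, the `csrf_token` helper and the PDO connection are assumptions.

```php
<?php
// Added illustrative example: a hypothetical "kill process" handler, not
// phpMyAdmin's own code. Assumes an open PDO connection and PHP sessions.

// Issue a per-session token that forms must echo back (assumed helper).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Weak pattern: $_REQUEST merges $_GET and $_POST, so a crafted link opened
// by a logged-in user reaches the KILL statement exactly as a form would.
function kill_process_weak(PDO $pdo): bool
{
    if (!isset($_REQUEST['kill'])) {
        return false;
    }
    $id = (int) $_REQUEST['kill'];
    return $pdo->exec("KILL $id") !== false;
}

// Hardened pattern mirroring the fix: require POST, read only $_POST, and
// reject the request unless the submitted token matches the session token.
function kill_process_hardened(PDO $pdo): bool
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);   // a state-changing action over GET is refused
        return false;
    }
    $sent = (string) ($_POST['csrf_token'] ?? '');
    $expected = (string) ($_SESSION['csrf_token'] ?? '');
    // hash_equals compares in constant time; an empty session token never matches.
    if ($expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        return false;
    }
    if (!isset($_POST['kill']) || !ctype_digit((string) $_POST['kill'])) {
        return false;              // process ids are unsigned integers
    }
    $id = (int) $_POST['kill'];
    return $pdo->exec("KILL $id") !== false;
}
```

The POST-only check alone does not stop a cross-site form submission; the token comparison is what ties the request to the user's own session.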

Technical details

Unknown

Credits

Daniel Le Gall from SCRT, Mustafa Hasan (@strukt93), SI9INT and Prasetia Ari

Reference(s)

Security fix: phpMyAdmin 4.8.4 is released
https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/

phpMyAdmin – Security – PMASA-2018-7
https://www.phpmyadmin.net/security/PMASA-2018-7/

Retrieve parameters from $_POST in database and table operation pages
https://github.com/phpmyadmin/phpmyadmin/commit/f049c127ca21885ab0856a8c562ed1c74961bb5d

Fix missing parameter
https://github.com/phpmyadmin/phpmyadmin/commit/be0660e4c46a1f3f74d86bac41419d5804201502

Retrieve parameters from $_POST in central columns page
https://github.com/phpmyadmin/phpmyadmin/commit/77ea7024bfa75659dea20dacb225f0d48414fd02

Retrieve parameters from $_POST in tracking pages
https://github.com/phpmyadmin/phpmyadmin/commit/ad7f7fd80192bd9f7f22f4d8d9a8818dd69f3e0c

Retrieve parameters from $_POST in server_databases page
https://github.com/phpmyadmin/phpmyadmin/commit/5d781422fb9f0af54e9cf9c85371b4d8c02ac56d

Fix #249 CSRF to CREATE TABLE query
https://github.com/phpmyadmin/phpmyadmin/commit/d6e04ca09b205cbc1e00f26da9d1f3690287a4af

Retrieve parameters from $_POST in routines
https://github.com/phpmyadmin/phpmyadmin/commit/d9279982a9c24456c061ecc700f69610424e854e

Fix routines tests
https://github.com/phpmyadmin/phpmyadmin/commit/3ac68d2edaafea38c3c45e364933456540603c09

Parameter item_type should be read from $_REQUEST as it can be in both $_POST and $_GET
https://github.com/phpmyadmin/phpmyadmin/commit/98ef759676cfc60db56aff657d5f66f818780872

Retrieve parameters from $_POST in events
https://github.com/phpmyadmin/phpmyadmin/commit/faced0a344a3e3c2cfe645d400fcddc54dcc7f4e

Retrieve parameters from $_POST in triggers
https://github.com/phpmyadmin/phpmyadmin/commit/d0eede7c566d97f92b5fda1560fa07b583ffc0a4

Retrieve parameters from $_POST in view create/edit
https://github.com/phpmyadmin/phpmyadmin/commit/42561e689613e6712920bada4e2f957a96252f97

Fix create view dialog not sending parameters as POST
https://github.com/phpmyadmin/phpmyadmin/commit/ca06ecc87681e7d547271fdbd06816a2bee9be80

Retrieve parameters from $_POST in insert/edit pages
https://github.com/phpmyadmin/phpmyadmin/commit/3d9ed655cc6107bd0e8e6d5f5a5f58d0fc791564

Retrieve parameters from $_POST in table_row_action
https://github.com/phpmyadmin/phpmyadmin/commit/b72e55acf82a67fcb9d8eb341878f8e9fc7af295

Retrieve parameters from $_POST in table structure
https://github.com/phpmyadmin/phpmyadmin/commit/9219b28f474f032621b3cc827d12407673e47b08

Retrieve parameters from $_POST in database QBE
https://github.com/phpmyadmin/phpmyadmin/commit/6c03ebad38a64ac1c53f9bae9e9c2d5e0d556bfd

Fix phpmyadmin-security#254 CSRF allowing password reset
https://github.com/phpmyadmin/phpmyadmin/commit/7d3f203131231d09a7485c38355f5cb546cbf897

Retrieve parameters from $_POST in designer
https://github.com/phpmyadmin/phpmyadmin/commit/2a749337bf9e1319f5d0bc62aae3f79f8f9080d0

Retrieve parameters from $_POST in user/Privileges pages
https://github.com/phpmyadmin/phpmyadmin/commit/35d87e607227c4ea0d1613ad39c5bca75b726fca

Fix test failures
https://github.com/phpmyadmin/phpmyadmin/commit/80eaee9c0a1fadc4c7f7ab3838b3fe5eb15a7830

Retrieve parameters from $_POST in mult_submits.inc.php
https://github.com/phpmyadmin/phpmyadmin/commit/259cbc6ab1d61afb3a657ad4a787eefe8278ec29

Retrieve parameters from $_POST in export
https://github.com/phpmyadmin/phpmyadmin/commit/c1cdaac2f465dd6b9e17f9f35fd46861ad703a6d

Retrieve parameters from $_POST in tbl_addfield
https://github.com/phpmyadmin/phpmyadmin/commit/1edf1aced6ad963c9f282666150f7f36f1ca449e

Retrieve parameters from $_POST in import
https://github.com/phpmyadmin/phpmyadmin/commit/bf3e6c3a77ff5d1fc2a15bba7f0a66e7fcb357e6

Retrieve parameters from $_POST in normalization
https://github.com/phpmyadmin/phpmyadmin/commit/827e4dcf2ce738d7b320682e97e29ad448f9147f

Retrieve parameters from $_POST in navigation
https://github.com/phpmyadmin/phpmyadmin/commit/b4e1862740b3412aab2f7079649a705f317cb1b0

Retrieve parameters from $_POST in sql pages
https://github.com/phpmyadmin/phpmyadmin/commit/5109c1787e111a87521db94c93d4cb2c46cc29f4

Retrieve parameters from $_POST in ajax.php
https://github.com/phpmyadmin/phpmyadmin/commit/88e162b651dfbd64c98ac40976023c4b7d1438bb

Retrieve parameters from $_POST in browse foreigners
https://github.com/phpmyadmin/phpmyadmin/commit/e7e7d56c759366c61824b67f48ec0ba4d5507105

Retrieve parameters from $_POST in chk_rel
https://github.com/phpmyadmin/phpmyadmin/commit/593b2571cd8ba5110cd39fee896ea172ca2c81d5

Retrieve parameters from $_POST in error report
https://github.com/phpmyadmin/phpmyadmin/commit/737ac997f9271d15f08b20893c9174a312027b74

Retrieve parameters from $_POST in GIS data editor
https://github.com/phpmyadmin/phpmyadmin/commit/0fe1a3bea88a553407930f83380b88d7591d2bdd

Retrieve parameters from $_POST in server_status_processes.php
https://github.com/phpmyadmin/phpmyadmin/commit/79548c0dcfc185f7c31a0c527d952a2b14266ddf

Retrieve parameters from $_POST in server_user_groups.php
https://github.com/phpmyadmin/phpmyadmin/commit/89db84213ba1b2b38387632c884c6fe64166f512

Retrieve parameters from $_POST in server_status_variables.php
https://github.com/phpmyadmin/phpmyadmin/commit/30543ad81f5151d592e39e3075dd32a7487d8d9e

Retrieve parameters from $_POST in db_search.php
https://github.com/phpmyadmin/phpmyadmin/commit/0be9a53fcfd4131c8737f717371570402b292361

Retrieve parameters from $_POST in tbl_indexes.php
https://github.com/phpmyadmin/phpmyadmin/commit/d01ece698a18624ede4bccffd81035da7c27b9a0

Retrieve parameters from $_POST in table relation
https://github.com/phpmyadmin/phpmyadmin/commit/d1d90b59b28ab8be332e442df55864cb858e40dd

Retrieve parameters from $_POST in server_status_monitor.php
https://github.com/phpmyadmin/phpmyadmin/commit/a98207c6de3bde433602273d1cccc7f2f99d7501

Retrieve parameters from $_POST in server replication
https://github.com/phpmyadmin/phpmyadmin/commit/eb13c69f0db2b1158d4b36deef7544fa1a932505

Retrieve parameters from $_POST in view_operations.php
https://github.com/phpmyadmin/phpmyadmin/commit/79fd80cef5da7f67eed01825b4d4b957d03acffd

Retrieve parameters from $_GET in url.php
https://github.com/phpmyadmin/phpmyadmin/commit/01e8064e3530a05d8d2975ad29fdd519a952e0ec

Retrieve parameters from $_POST in server binlog
https://github.com/phpmyadmin/phpmyadmin/commit/34972f0132c6e04fc324ad422f2fc609df7a22ec

Retrieve parameters from $_POST in table search
https://github.com/phpmyadmin/phpmyadmin/commit/6fd9bfb75b357e375c8992a8c9194411954a8427

Retrieve parameters from $_POST in partition definition
https://github.com/phpmyadmin/phpmyadmin/commit/c36592b4e8dfe6e5b2e7c9197c32abdf155df350

Retrieve parameters from $_POST in Table class
https://github.com/phpmyadmin/phpmyadmin/commit/d745d1ce019bf1aa60f19e8ac993389adb81e3a9

Retrieve parameters from $_POST in UserPassword class
https://github.com/phpmyadmin/phpmyadmin/commit/d98b40281b0e8781918240b201b35758b474e595

Retrieve parameters from $_POST in server variables
https://github.com/phpmyadmin/phpmyadmin/commit/e7f1e2697acace0d05356a943174cefeae1cf11e

CVE-2018-19969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969

CVE-2018-19969
https://nvd.nist.gov/vuln/detail/CVE-2018-19969


If you found any error in this alert or would like a comprehensive analysis, please get in touch.

Last modified: December 14, 2018