| Title | phpMyAdmin における SQL インジェクションの脆弱性 |
|---|---|
| Summary | phpMyAdmin には、control user の特権で起動するトラッキング機能に SQL ステートメントを挿入される脆弱性が存在します。 |
| Possible impacts | 巧妙に細工されたユーザ名、またはテーブル名を介して、control user の特権で起動するトラッキング機能に SQL ステートメントを挿入される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Nov. 25, 2016, midnight |
| Registration Date | Dec. 15, 2016, 2:58 p.m. |
| Last Update | Dec. 15, 2016, 2:58 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVSS2.0 : 警告 | |
| Score | 6 |
|---|---|
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| The phpMyAdmin Project |
| phpMyAdmin 4.0.10.18 未満の 4.0.x |
| phpMyAdmin 4.4.15.9 未満の 4.4.x |
| phpMyAdmin 4.6.5 未満の 4.6.x |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年12月15日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
|---|---|
| Publication Date | Dec. 11, 2016, noon |
| Registration Date | Jan. 26, 2021, 2:21 p.m. |
| Last Update | Nov. 21, 2024, 12:01 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:* | |||||