WordPress Portable PhpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Portable phpMyAdmin Plugin and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to gain sensitive information. Impact Level: Application

Solution

Upgrade to the WordPress Portable phpMyAdmin Plugin 1.3.1 or later, For updates refer to http://wordpress.org/extend/plugins/portable-phpmyadmin/

Insight

The plugin fails to verify an existing WordPress session when accessing the plugin file path directly. An attacker can get a full phpMyAdmin console with the privilege level of the MySQL configuration of WordPress by accessing 'wp-content/plugins/portable-phpmyadmin/wp-pma-mod'.

Affected

WordPress Portable phpMyAdmin plugin version 1.3.0

References

http://osvdb.org/88391
http://packetstormsecurity.org/files/118805/WordPress-portable-phpMyAdmin-1.3.0-Authentication-Bypass.html
http://seclists.org/bugtraq/2012/Dec/91
http://secunia.com/advisories/51520/
http://www.exploit-db.com/exploits/23356/
http://xforce.iss.net/xforce/xfdb/80654

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5469
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
ActivePerl perlIS.dll Buffer Overflow
b2Evolution title SQL Injection
ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities

WordPress Portable phpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability

Take action and discover your vulnerabilities