Lucene search

K
freebsdFreeBSD4769914E-B844-11DE-B159-0030843D3802
HistoryOct 13, 2009 - 12:00 a.m.

phpmyadmin -- XSS and SQL injection vulnerabilities

2009-10-1300:00:00
vuxml.freebsd.org
12

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

77.1%

phpMyAdmin Team reports:

Cross-site scripting (XSS) vulnerability allows remote attackers to
inject arbitrary web script or HTML via a crafted MySQL table name.
SQL injection vulnerability allows remote attackers to inject SQL via
various interface parameters of the PDF schema generator feature.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphpmyadmin< 3.2.2.1UNKNOWN
FreeBSDanynoarchphpmyadmin211< 2.11.9.6UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

77.1%