CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile: 90.4%
The phpMyAdmin development team reports:
XSS in table Print view.
Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion.
In the ‘relational schema’ code a parameter was not sanitized before being used to concatenate a class name. The end result is a local file inclusion vulnerability and code execution.
It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This is very similar to PMASA-2011-5, documented in 7e4e5c53-a56c-11e0-b180-00216aa06fc2
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | < 3.4.3.2 | UNKNOWN |