CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
36.9%
The phpMyAdmin development team reports:
Using a crafted table name, it was possible to produce a
XSS : 1) On the Database Structure page, creating a new
table with a crafted name 2) On the Database Structure page,
using the Empty and Drop links of the crafted table name 3)
On the Table Operations page of a crafted table, using the
βEmpty the table (TRUNCATE)β and βDelete the table (DROP)β
links 4) On the Triggers page of a database containing
tables with a crafted name, when opening the βAdd Triggerβ
popup 5) When creating a trigger for a table with a crafted
name, with an invalid definition. Having crafted data in a
database table, it was possible to produce a XSS : 6) When
visualizing GIS data, having a crafted label name.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | <Β 3.5.2.2 | UNKNOWN |