9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.033 Low
EPSS
Percentile
89.9%
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:
Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via the server parameter.
Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via PHP_SELF.
Directory traversal vulnerability allows remote attackers to read
arbitrary files via _language parameter.
For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch2.
For the unstable distribution (sid), these problems have been fixed in
version 4.2.1-1.1.
We recommend that you upgrade your phppgadmin package.
CPE | Name | Operator | Version |
---|---|---|---|
phppgadmin | eq | 4.0.1-3.1 |