PhpMyAdminPHPMYADMIN:PMASA-2006-4XSS vulnerability
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.009 Low
EPSS
Percentile
82.6%
PMASA-2006-4
Announcement-ID: PMASA-2006-4
Date: 2006-06-30
Updated: 2006-07-01
Summary
XSS vulnerability
Description
It was possible to craft a request that contains XSS by attacking the “table” parameter.
Severity
We consider this vulnerability to be serious.
Affected Versions
Some versions previous to 2.8.2 suffer from this vulnerability.
Solution
Upgrade to phpMyAdmin 2.8.2.
References
We wish to thank [email protected] for informing us in a responsible manner. Their advisory is located at <http://securitynews.ir/advisories/phpmyadmin281.txt>.
Assigned CVE ids: CVE-2006-3388
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyadmin | le | 2.8.2 |
Related
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.009 Low
EPSS
Percentile
82.6%