Lucene search

PhpMyAdminPHPMYADMIN:PMASA-2006-6

HistoryNov 01, 2006 - 12:00 a.m.

XSS vulnerability

2006-11-0100:00:00

www.phpmyadmin.net

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

PMASA-2006-6

Announcement-ID: PMASA-2006-6

Date: 2006-11-01

Summary

XSS vulnerability

Description

We received a security advisory from Stefan Esser ([email protected]) and we wish to thank him for his work. It was possible to produce XSS via a special URL containing UTF-7 codes

Severity

We consider this vulnerability to be serious.

Affected Versions

2.6.4 to 2.9.0.2.

Solution

Upgrade to phpMyAdmin 2.9.0.3 or newer.

References

Assigned CVE ids: CVE-2006-5718

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

39893dd0c956de6505d5a4d4590ad3e1f64bdffa

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle2.9.0.2.

CPE	Name	Operator	Version
	phpmyadmin	le	2.9.0.2.

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for PHPMYADMIN:PMASA-2006-6