CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS Percentile: 82.7%
Announcement-ID: PMASA-2007-1
Date: 2007-01-16
HTTP Response Splitting vulnerability
On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, this vulnerability can be triggered by editing the cookie that contains PHP’s session id. This can be used to send malicious JavaScript or redirects.
We consider this vulnerability to be serious.
Probably all versions up to 2.9.1.1 are affected.
Upgrade to phpMyAdmin 2.9.2 or newer.
<http://www.securityfocus.com/archive/1/453432>
Assigned CVE ids: CVE-2006-6374
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
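As an added example (not part of the advisory and not phpMyAdmin's own fix), the following PHP sketch shows one defence-in-depth check for the issue described above: a session id cookie is accepted only if it is well formed, so a value carrying CR/LF never reaches a response header. The function names, the sample values and the cookie name PHPSESSID (PHP's default) are assumptions made for illustration.

```php
<?php
// Added example, not phpMyAdmin code: helper names and sample values are
// hypothetical/constructed.

/**
 * True when $value contains only characters PHP uses in session ids
 * (letters, digits, ',' and '-'). \A and \z anchor the whole string;
 * '$' would also match just before a trailing "\n".
 */
function is_safe_session_id($value): bool
{
    return is_string($value)
        && preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $value) === 1;
}

/**
 * Return the session id to use for this request: the cookie value when it
 * is well formed, otherwise a fresh random id, so a tampered value is
 * never copied into a response header.
 */
function choose_session_id(array $cookies, string $cookieName): string
{
    $candidate = $cookies[$cookieName] ?? null;
    if (is_safe_session_id($candidate)) {
        return $candidate;
    }
    return bin2hex(random_bytes(16));
}

// Constructed cookie values: one normal id and three tampered ones.
$samples = [
    'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6',
    "abc123\r\nX-Constructed: 1",
    "abc123\n",
    ['nested' => 'array'],
];

foreach ($samples as $value) {
    $chosen = choose_session_id(['PHPSESSID' => $value], 'PHPSESSID');
    printf(
        "%-42s %s\n",
        json_encode($value),
        $chosen === $value ? 'kept' : 'replaced with a fresh id'
    );
}
```

In an application the returned value would be passed to session_id() before session_start() is called.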