PhpMyAdminPHPMYADMIN:PMASA-2008-4XSS on plausible insecure PHP installation
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.2%
PMASA-2008-4
Announcement-ID: PMASA-2008-4
Date: 2008-06-23
Summary
XSS on plausible insecure PHP installation
Description
We received an advisory from Tim Starling (Wikimedia), and we wish to thank him for his work. Some scripts in the /libraries directory were vulnerable to XSS.
Severity
We consider this vulnerability to be serious.
Mitigation factor
We were able to reproduce this only on systems where both of these conditions are true: the PHP register_globals setting is βonβ and the web server does not apply the settings contained in the .htaccess file that we placed in /libraries.
Affected Versions
Versions before 2.11.7.
Solution
Upgrade to phpMyAdmin 2.11.7 or newer.
References
Assigned CVE ids: CVE-2008-2960
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyadmin | le | 2.11.7. |
Related
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.2%