Lucene search

PhpMyAdminPHPMYADMIN:PMASA-2010-7

HistorySep 08, 2010 - 12:00 a.m.

XSS attack on setup script.

2010-09-0800:00:00

www.phpmyadmin.net

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

60.3%

JSON

PMASA-2010-7

Announcement-ID: PMASA-2010-7

Date: 2010-09-08

Summary

XSS attack on setup script.

Description

It was possible to conduct a XSS attack using spoofed request to setup script.

Severity

We consider this vulnerability to be non critical.

Affected Versions

For 3.x: versions before 3.3.7 are affected.

Unaffected Versions

Branch 2.11.x is not affected by this.

Solution

Upgrade to phpMyAdmin 3.3.7 or newer or apply patch listed below.

References

Thanks to Tenable Network Security for reporting this issue.

Assigned CVE ids: CVE-2010-3263

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

73ce5705bd1e0b62060f75702d62f88247ce09dd

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

60.3%

JSON

Related for PHPMYADMIN:PMASA-2010-7