logo
DATABASE RESOURCES PRICING ABOUT US

Unvalidated input on error page.

Description

## PMASA-2010-9 **Announcement-ID:** PMASA-2010-9 **Date:** 2010-12-07 **Updated:** 2010-02-16 ### Summary Unvalidated input on error page. ### Description It was possible to display arbitrary text and link to external site using parameters passed to particular script. ### Severity This issue is considered minor, because the only purpose of affected file is to display an error message. ### Affected Versions All versions prior to 3.4.0-beta1. ### Solution Upgrade to phpMyAdmin 3.4.0-beta1 or newer or apply patch listed below. Due to its minor impact, a fix will be included in the next regular release which is 3.3.10. ### References This issue was reported by [Tiger Security Team](<http://www.exploit-db.com/exploits/15699/>). Assigned CVE ids: [CVE-2010-4480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480>) CWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ### Patches The following commits have been made to fix this issue: * [aa6fec0532a9dd48d4e35831c1b1c9785c124dd7](<https://github.com/phpmyadmin/phpmyadmin/commit/aa6fec0532a9dd48d4e35831c1b1c9785c124dd7>) The following commits have been made on the 2.11 branch to fix this issue: * [b01a58118f973f98ab99a4bb28d340af49fa251f](<https://github.com/phpmyadmin/phpmyadmin/commit/b01a58118f973f98ab99a4bb28d340af49fa251f>) The following commits have been made on the 3.3 branch to fix this issue: * [9ebd401b0ea4efea8ddc8cd846da559bf420ccaa](<https://github.com/phpmyadmin/phpmyadmin/commit/9ebd401b0ea4efea8ddc8cd846da559bf420ccaa>) ### More information For further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>).


Affected Software


CPE Name Name Version
phpmyadmin 3.4.0-beta1.

Related