Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20114
HistorySep 14, 2010 - 12:00 a.m.

phpMyAdmin 3.x setup脚本远程跨站脚本漏洞

2010-09-1400:00:00
Root
www.seebug.org
13

EPSS

0.002

Percentile

60.3%

JSON

CVE ID: CVE-2010-3263

phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。

phpMyAdmin的setup脚本没有正确地过滤提交给setup/frames/index.inc.php页面的参数,远程攻击者可以通过恶意服务器名称注入并执行任意Web脚本或HTML。

phpMyAdmin 3.x
厂商补丁:

phpMyAdmin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=73ce5705bd1e0b62060f75702d62f88247ce09dd

Related

nessus 2
prion 1
ubuntucve 1
openvas 5
debiancve 1
cve 1
cvelist 1
nvd 1
phpmyadmin 1
gentoo 1
nessus
nessus
phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)
2010-09-08 00:00:00
GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities
2012-01-05 00:00:00
prion
prion
Cross site scripting
2010-09-10 20:00:00
ubuntucve
ubuntucve
CVE-2010-3263
2010-09-10 00:00:00
openvas
openvas
Mandriva Update for phpmyadmin MDVSA-2010:186 (phpmyadmin)
2010-09-27 00:00:00
phpMyAdmin Setup Script Request Cross Site Scripting Vulnerability
2010-09-15 00:00:00
Mandriva Update for phpmyadmin MDVSA-2010:186 (phpmyadmin)
2010-09-27 00:00:00
debiancve
debiancve
CVE-2010-3263
2010-09-10 20:00:01
cve
cve
CVE-2010-3263
2010-09-10 20:00:01
cvelist
cvelist
CVE-2010-3263
2010-09-10 19:00:00
nvd
nvd
CVE-2010-3263
2010-09-10 20:00:01
phpmyadmin
phpmyadmin
XSS attack on setup script.
2010-09-08 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2012-01-04 00:00:00

EPSS

0.002

Percentile

60.3%

JSON
Related for SSV:20114
nessus2prion1ubuntucve1openvas5debiancve1cve1cvelist1nvd1phpmyadmin1gentoo1