FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- cross-site scripting vulnerability

Affected packages
phpMyAdmin < 2.11.2.1

Details

VuXML ID 2d2dcbb4-906c-11dc-a951-0016179b2dd5
Discovery 2007-11-11
Entry 2007-11-11
Modified 2010-05-12

The DigiTrust Group reports:

When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since db_create.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when the database names are displayed.
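
The PHP below is an added illustration, not part of the advisory and not phpMyAdmin's own code. It shows the stored-name pattern the report describes next to an output-encoded version, plus a check for names already stored that contain HTML metacharacters. All function names and the sample database names are hypothetical and constructed for this example.

```php
<?php
// Added illustration; not phpMyAdmin source. Function names are hypothetical.

// Vulnerable pattern: the stored database name is written into HTML unchanged,
// so markup accepted at creation time runs when an administrator views the list.
function render_db_list_unsafe(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $html .= "  <li>" . $name . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode at the point of output, for the HTML context.
function render_db_list_safe(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $html .= "  <li>"
            . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Audit helper: return the already-stored names that contain HTML
// metacharacters, so they can be reviewed after the display code is fixed.
function find_suspicious_names(array $names): array
{
    return array_values(array_filter(
        $names,
        fn(string $n): bool => preg_match('/[<>"\'&]/', $n) === 1
    ));
}

// Constructed sample data: one ordinary name, one carrying markup.
$names = ['inventory', 'shop<script>alert(1)</script>'];

echo render_db_list_unsafe($names);   // the second name is emitted as live markup
echo render_db_list_safe($names);     // the second name is emitted as inert text
print_r(find_suspicious_names($names));
```

Encoding at output protects every page that displays the name, regardless of how the value reached the database; validating the db parameter when the database is created is a complementary control.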

References

CVE Name CVE-2007-5976
CVE Name CVE-2007-5977
URL http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7