FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Cross Site Scripting Vulnerabilities

Affected packages
phpMyAdmin < 2.11.7

Details

VuXML ID e285a1f4-4568-11dd-ae96-0030843d3802
Discovery 2008-06-23
Entry 2008-06-28
Modified 2010-05-12

Secunia report:

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.
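A check of the three conditions this entry names (phpMyAdmin below 2.11.7, "register_globals" enabled, ".htaccess" support disabled), as an added example that is not part of the VuXML entry or the Secunia report. The function names and the sample php.ini are constructed for illustration, and whether the web server honours ".htaccess" files is supplied by the operator rather than parsed from server configuration.

```python
import re

FIXED_VERSION = (2, 11, 7)  # from this entry: phpMyAdmin < 2.11.7 is affected

# Constructed sample php.ini content, not taken from any real host.
SAMPLE_INI = """; constructed sample
[PHP]
register_globals = Off
; register_globals = Off   (commented out, ignored)
register_globals = On
"""

def is_affected_version(text):
    """True if a version string such as '2.11.6' or '2.11.7-rc1' sorts below 2.11.7."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # '2.9' is compared as 2.9.0
    # A pre-release of the fixed version (rc/beta/alpha/dev) still predates it;
    # other suffixes (for example a port revision '_1') do not.
    prerelease = re.match(r"[-._]?(rc|beta|alpha|dev)", m.group(2), re.I) is not None
    return nums < FIXED_VERSION or (nums == FIXED_VERSION and prerelease)

def register_globals_enabled(php_ini_text):
    """Effective register_globals in php.ini text; the last assignment wins.

    Assumption: php.ini is the only place the directive is set. Overrides in
    web server configuration are not inspected here.
    """
    enabled = False  # PHP has defaulted to Off since 4.2.0
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"register_globals\s*=\s*(\S+)", line)
        if m:
            enabled = m.group(1).strip('"').lower() in {"on", "1", "true", "yes"}
    return enabled

def exposure(version, php_ini_text, htaccess_honoured):
    """Report each precondition from the advisory and whether all of them hold."""
    report = {
        "affected_version": is_affected_version(version),
        "register_globals_on": register_globals_enabled(php_ini_text),
        "htaccess_disabled": not htaccess_honoured,
    }
    report["preconditions_met"] = all(report.values())
    return report

if __name__ == "__main__":
    print(exposure("2.11.6", SAMPLE_INI, htaccess_honoured=False))
```

Upgrading to 2.11.7 or later is the fix regardless of the result; the report only shows which of the stated preconditions a given installation currently meets.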

References

CVE Name CVE-2008-2960
URL http://secunia.com/advisories/30813/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4