Lucene search

MitreCVE-2006-2418

HistoryMay 16, 2006 - 10:02 a.m.

CVE-2006-2418

2006-05-1610:02:00

mitre

web.nvd.nist.gov

cve-2006-2418

phpmyadmin

xss

web script injection

html injection

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.7

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.8.0.3

VendorProductVersionCPE
phpmyadminphpmyadmin2.8.0.3cpe:/a:phpmyadmin:phpmyadmin:2.8.0.3:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.8.0.3	cpe:/a:phpmyadmin:phpmyadmin:2.8.0.3:::

References

lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html

secunia.com/advisories/20113

secunia.com/advisories/20627

secunia.com/advisories/22781

www.debian.org/security/2006/dsa-1207

www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2

www.securityfocus.com/bid/17973

www.vupen.com/english/advisories/2006/1794

exchange.xforce.ibmcloud.com/vulnerabilities/26441

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.7

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

Related for CVE-2006-2418