Lucene search

MitreCVE-2006-5718

HistoryNov 04, 2006 - 1:07 a.m.

CVE-2006-5718

2006-11-0401:07:00

mitre

web.nvd.nist.gov

cve-2006-5718

cross-site scripting

xss

vulnerability

phpmyadmin

encoding

error.php

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.6.4_pl1

phpmyadminphpmyadminMatch2.6.4_pl3

phpmyadminphpmyadminMatch2.6.4_pl4

phpmyadminphpmyadminMatch2.6.4_rc1

phpmyadminphpmyadminMatch2.7

phpmyadminphpmyadminMatch2.7.0_beta1

phpmyadminphpmyadminMatch2.7_pl1

phpmyadminphpmyadminMatch2.8.1

phpmyadminphpmyadminMatch2.8.2

phpmyadminphpmyadminMatch2.8.3

phpmyadminphpmyadminMatch2.8.4

phpmyadminphpmyadminMatch2.9

phpmyadminphpmyadminMatch2.9.1

phpmyadminphpmyadminMatch2.9.2

phpmyadminphpmyadminMatch2.9_rc1

VendorProductVersionCPE
phpmyadminphpmyadmin2.6.4+rc1cpe:/a:phpmyadmin:phpmyadmin:2.6.4+rc1:::
phpmyadminphpmyadmin2.6.4+pl3cpe:/a:phpmyadmin:phpmyadmin:2.6.4+pl3:::
phpmyadminphpmyadmin2.9+rc1cpe:/a:phpmyadmin:phpmyadmin:2.9+rc1:::
phpmyadminphpmyadmin2.8.3cpe:/a:phpmyadmin:phpmyadmin:2.8.3:::
phpmyadminphpmyadmin2.7.0+beta1cpe:/a:phpmyadmin:phpmyadmin:2.7.0+beta1:::
phpmyadminphpmyadmin2.8.1cpe:/a:phpmyadmin:phpmyadmin:2.8.1:::
phpmyadminphpmyadmin2.7+pl1cpe:/a:phpmyadmin:phpmyadmin:2.7+pl1:::
phpmyadminphpmyadmin2.9.1cpe:/a:phpmyadmin:phpmyadmin:2.9.1:::
phpmyadminphpmyadmin2.9.2cpe:/a:phpmyadmin:phpmyadmin:2.9.2:::
phpmyadminphpmyadmin2.6.4+pl4cpe:/a:phpmyadmin:phpmyadmin:2.6.4+pl4:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.6.4+rc1	cpe:/a:phpmyadmin:phpmyadmin:2.6.4+rc1:::
phpmyadmin	phpmyadmin	2.6.4+pl3	cpe:/a:phpmyadmin:phpmyadmin:2.6.4+pl3:::
phpmyadmin	phpmyadmin	2.9+rc1	cpe:/a:phpmyadmin:phpmyadmin:2.9+rc1:::
phpmyadmin	phpmyadmin	2.8.3	cpe:/a:phpmyadmin:phpmyadmin:2.8.3:::
phpmyadmin	phpmyadmin	2.7.0+beta1	cpe:/a:phpmyadmin:phpmyadmin:2.7.0+beta1:::
phpmyadmin	phpmyadmin	2.8.1	cpe:/a:phpmyadmin:phpmyadmin:2.8.1:::
phpmyadmin	phpmyadmin	2.7+pl1	cpe:/a:phpmyadmin:phpmyadmin:2.7+pl1:::
phpmyadmin	phpmyadmin	2.9.1	cpe:/a:phpmyadmin:phpmyadmin:2.9.1:::
phpmyadmin	phpmyadmin	2.9.2	cpe:/a:phpmyadmin:phpmyadmin:2.9.2:::
phpmyadmin	phpmyadmin	2.6.4+pl4	cpe:/a:phpmyadmin:phpmyadmin:2.6.4+pl4:::