CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
78.4%
The DigiTrust Group reports:
When creating a new database, a malicious user can use a
client-side Web proxy to place malicious code in the db parameter of
the POST request. Since db_create.php does not properly sanitize
user-supplied input, an administrator could face a persistent XSS
attack when the database names are displayed.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | <Β 2.11.2.1 | UNKNOWN |