Lucene search

[email protected]NVD:CVE-2008-3457

HistoryAug 04, 2008 - 7:41 p.m.

CVE-2008-3457

2008-08-0419:41:00

CWE-79

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.

Affected configurations

NVD

Node

phpmyadminphpmyadminRange≤2.11.7.0

phpmyadminphpmyadminMatch2.0

phpmyadminphpmyadminMatch2.0.0

phpmyadminphpmyadminMatch2.0.1

phpmyadminphpmyadminMatch2.0.2

phpmyadminphpmyadminMatch2.0.3

phpmyadminphpmyadminMatch2.0.4

phpmyadminphpmyadminMatch2.0.5

phpmyadminphpmyadminMatch2.1

phpmyadminphpmyadminMatch2.1.0

phpmyadminphpmyadminMatch2.1.1

phpmyadminphpmyadminMatch2.1.2

phpmyadminphpmyadminMatch2.10.0

phpmyadminphpmyadminMatch2.10.0.0

phpmyadminphpmyadminMatch2.10.0.1

phpmyadminphpmyadminMatch2.10.0.2

phpmyadminphpmyadminMatch2.10.1

phpmyadminphpmyadminMatch2.10.01

phpmyadminphpmyadminMatch2.10.1.0

phpmyadminphpmyadminMatch2.10.2

phpmyadminphpmyadminMatch2.10.2.0

phpmyadminphpmyadminMatch2.10.3

phpmyadminphpmyadminMatch2.10.3.0

phpmyadminphpmyadminMatch2.11.0

phpmyadminphpmyadminMatch2.11.0.0

phpmyadminphpmyadminMatch2.11.1

phpmyadminphpmyadminMatch2.11.1.0

phpmyadminphpmyadminMatch2.11.1.1

phpmyadminphpmyadminMatch2.11.1.2

phpmyadminphpmyadminMatch2.11.2

phpmyadminphpmyadminMatch2.11.2.0

phpmyadminphpmyadminMatch2.11.2.1

phpmyadminphpmyadminMatch2.11.2.2

phpmyadminphpmyadminMatch2.11.3

phpmyadminphpmyadminMatch2.11.3.0

phpmyadminphpmyadminMatch2.11.4

phpmyadminphpmyadminMatch2.11.4.0

phpmyadminphpmyadminMatch2.11.5

phpmyadminphpmyadminMatch2.11.5.0

phpmyadminphpmyadminMatch2.11.5.1

phpmyadminphpmyadminMatch2.11.5.2

phpmyadminphpmyadminMatch2.11.6

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

secunia.com/advisories/31263

secunia.com/advisories/31312

secunia.com/advisories/32834

www.debian.org/security/2008/dsa-1641

www.mandriva.com/security/advisories?name=MDVSA-2008:202

www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6

www.securityfocus.com/bid/30420

www.vupen.com/english/advisories/2008/2226/references

yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/44052

www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for NVD:CVE-2008-3457

cve1 phpmyadmin1 debiancve1 cvelist1 ubuntucve1 prion1 openvas4 redhatcve1 nessus4 seebug1 debian1 osv1 securityvulns2