Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:
Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via the server parameter.
Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via PHP_SELF.
Directory traversal vulnerability allows remote attackers to read
arbitrary files via _language parameter.
For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch2.
For the unstable distribution (sid), these problems have been fixed in
version 4.2.1-1.1.
We recommend that you upgrade your phppgadmin package.
CPE | Name | Operator | Version |
---|---|---|---|
phppgadmin | eq | 4.0.1-3.1 |