Lucene search

PhpMyAdminPHPMYADMIN:PMASA-2006-6

HistoryNov 01, 2006 - 12:00 a.m.

XSS vulnerability

2006-11-0100:00:00

www.phpmyadmin.net

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.1%

JSON

PMASA-2006-6

Announcement-ID: PMASA-2006-6

Date: 2006-11-01

Summary

XSS vulnerability

Description

We received a security advisory from Stefan Esser ([email protected]) and we wish to thank him for his work. It was possible to produce XSS via a special URL containing UTF-7 codes

Severity

We consider this vulnerability to be serious.

Affected Versions

2.6.4 to 2.9.0.2.

Solution

Upgrade to phpMyAdmin 2.9.0.3 or newer.

References

Assigned CVE ids: CVE-2006-5718

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

39893dd0c956de6505d5a4d4590ad3e1f64bdffa

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.1%

JSON

Related for PHPMYADMIN:PMASA-2006-6