CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
82.3%
Announcement-ID: PMASA-2006-7
Date: 2006-11-17
XSS vulnerability
We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to produce XSS via table and database comment field and through position parameter.
We consider this vulnerability to be serious.
Probably all versions to 2.9.1.
Upgrade to phpMyAdmin 2.9.1.1 or newer.
Assigned CVE ids: CVE-2006-6942
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.