CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
94.3%
Announcement-ID: PMASA-2007-2
Date: 2007-01-16
XSS and Path Disclosure vulnerabilities
We received an advisory from Laurent Gaffié and we wish to thank him for his work. It was possible to trigger these attacks on db_create.php and index.php.
We consider these vulnerabilities to be serious.
Probably all versions to 2.9.1.1.
Upgrade to phpMyAdmin 2.9.2 or newer.
Assigned CVE ids: CVE-2007-1395
CWE ids: CWE-661 CWE-79 CWE-200
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.