CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
84.4%
Announcement-ID: PMASA-2007-5
Date: 2007-10-15
XSS vulnerability
We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work.
It was possible to trigger this attack on setup.php.
We consider this vulnerability to be serious; however, we could only trigger it when using Internet Explorer with the ‘send URLs as UTF8’ setting disabled. The default value of this setting being ‘enabled’ reduces the impact of this problem.
Probably all versions before 2.11.1.1.
Upgrade to phpMyAdmin 2.11.1.1 or newer.
<http://www.securityfocus.com/bid/26020/info>
Assigned CVE ids: CVE-2007-5386
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.