CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Percentile: 84.4%
Announcement-ID: PMASA-2007-6
Date: 2007-10-17
Updated: 2007-10-24
XSS vulnerabilities
We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to trigger this attack on server_status.php.
Our team also fixed other possible XSS vulnerabilities involving PHP_SELF, PATH_INFO and REQUEST_URI.
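The class of issue named above, shown as an added example that is not phpMyAdmin's code and not part of the original advisory: a page that reflects `PHP_SELF` into its own HTML, next to two hardened forms. The function names, the `/app/status.php` path and the sample request values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not phpMyAdmin code. All names and values are hypothetical.

// Unsafe: PHP_SELF includes any PATH_INFO the client appended after the
// script name, so it is request-controlled text, not a trusted constant.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for the HTML attribute context at the point of output.
// The same applies to REQUEST_URI, which is the raw URI from the request line.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: avoid reflecting PATH_INFO at all by using SCRIPT_NAME,
// and still encode it on output.
function form_action_script_name(array $server): string
{
    $script = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $script . '">';
}

// Constructed sample request: harmless markup appended as PATH_INFO.
$server = [
    'SCRIPT_NAME' => '/app/status.php',
    'PATH_INFO'   => '/"><i>constructed</i>',
    'PHP_SELF'    => '/app/status.php/"><i>constructed</i>',
];

$variants = ['form_action_unsafe', 'form_action_escaped', 'form_action_script_name'];
foreach ($variants as $fn) {
    $html = $fn($server);
    // If the literal tag survives, the request text was parsed as markup.
    $injected = strpos($html, '<i>') !== false;
    printf("%-24s %s\n    %s\n", $fn, $injected ? 'markup injected' : 'inert', $html);
}
```

Run with the PHP CLI; only the first variant lets the appended text close the `action` attribute and introduce its own element.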
We consider these vulnerabilities to be serious.
Affected versions: probably all versions before 2.11.1.2.
Upgrade to phpMyAdmin 2.11.1.2 or newer.
<http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html>
Assigned CVE ids: CVE-2007-5589
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.