CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Percentile: 68.2%
Announcement-ID: PMASA-2009-5
Date: 2009-06-30
XSS vulnerability
It was possible to conduct an XSS attack via a crafted SQL bookmark.
We consider this vulnerability to be serious.
For 2.11.x: versions are not affected.
For 3.x: All 3.x releases on which the "bookmarks" feature is active are affected.
Upgrade to phpMyAdmin 3.2.0.1.
We wish to thank Sven Vetsch/Disenchant for informing us in a responsible manner. His site is <http://disenchant.ch>.
Assigned CVE ids: CVE-2009-2284
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.