Published: 24/08/2010 Updated: 28/01/2011

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x prior to 2.11.10.1 and 3.x prior to 3.3.5.1 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.1.0

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3055 The configuration setup script does not properly sanitise its output file, which allows remote attackers to execute arbitrary PHP code via ...

CWE-79 http://secunia.com/advisories/41000 http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php https://bugzilla.redhat.com/show_bug.cgi?id=625877 http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting%28XSS%29 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html http://www.securityfocus.com/bid/42584 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://www.mandriva.com/security/advisories?name=MDVSA-2010:164 http://www.debian.org/security/2010/dsa-2097 http://www.vupen.com/english/advisories/2010/2231 http://www.vupen.com/english/advisories/2010/2223 http://secunia.com/advisories/41185 https://nvd.nist.gov https://www.debian.org/security/./dsa-2097

CVE-2010-3056

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect