Published: 01/08/2011 Updated: 07/11/2023

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin prior to 3.3.10.3 and 3.4.x prior to 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.3.4.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0

Debian Bug report logs - #656247 phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107) Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 17 Jan 2012 19:21:0 ...

Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2505 Possible session manipulation in Swekey authentication CVE-2011-2506 Possible code injection in setup script, in case session variables are compro ...

CWE-79 http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php https://bugzilla.redhat.com/show_bug.cgi?id=725381 http://www.debian.org/security/2011/dsa-2286 http://secunia.com/advisories/45365 http://www.securityfocus.com/bid/48874 http://secunia.com/advisories/45515 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html http://secunia.com/advisories/45315 http://www.mandriva.com/security/advisories?name=MDVSA-2011:124 https://exchange.xforce.ibmcloud.com/vulnerabilities/68750 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=a0823be05aa5835f207c0838b9cca67d2d9a050a http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=4bd27166c314faa37cada91533b86377f4d4d214 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247 https://nvd.nist.gov https://www.debian.org/security/./dsa-2286

CVE-2011-2642

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect