FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSS and SQL injection vulnerabilities

Affected packages
phpMyAdmin < 3.2.2.1
phpMyAdmin211 < 2.11.9.6

Details

VuXML ID: 4769914e-b844-11de-b159-0030843d3802
Discovery: 2009-10-13
Entry: 2009-10-13

phpMyAdmin Team reports:

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name.

SQL injection vulnerability allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.

References

CVE Name: CVE-2009-3696
CVE Name: CVE-2009-3697
URL: http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php