FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- cross-site scripting vulnerability

Affected packages
phpMyAdmin < 2.11.1.1

Details

VuXML ID: 51b51d4a-7c0f-11dc-9e47-0011d861d5e2
Discovery: 2007-10-12
Entry: 2007-10-16
Modified: 2007-10-20

SecurityFocus reports:

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

References

Bugtraq ID: 26020
CVE Name: CVE-2007-5386
URL: http://secunia.com/advisories/27173
URL: http://www.digitrustgroup.com/advisories/TDG-advisory071009a
URL: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5