Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-4306
Last Modified 05 Sep 2008 05:27:54
Published 13 Aug 2007 05:17:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4306

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7.

Vulnerable Systems

Application

  • phpMyAdmin 2.10.3


References

MISC - http://pridels-team.blogspot.com/2007/08/phpmyadmin-multiple-xss-vuln.html

BID - 25268

MANDRIVA - MDKSA-2007:199


Last Updated: 27 May 2016 10:45:50