Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2007-6100
Last Modified 07 Mar 2011 10:01:46
Published 23 Nov 2007 03:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-6100

Summary

Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.

Vulnerable Systems

Application

  • Phpmyadmin 2.0.0

  • Phpmyadmin 2.0.1

  • Phpmyadmin 2.0.2

  • Phpmyadmin 2.0.3

  • Phpmyadmin 2.0.4

  • Phpmyadmin 2.0.5

  • Phpmyadmin 2.1.0

  • Phpmyadmin 2.1.1

  • Phpmyadmin 2.1.2

  • Phpmyadmin 2.10.0

  • Phpmyadmin 2.10.0.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.01

  • Phpmyadmin 2.10.1

  • Phpmyadmin 2.10.1.0

  • Phpmyadmin 2.10.2

  • Phpmyadmin 2.10.2.0

  • Phpmyadmin 2.10.3

  • Phpmyadmin 2.10.3.0

  • Phpmyadmin 2.10.3rc1

  • Phpmyadmin 2.11.0

  • Phpmyadmin 2.11.1.0

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.10.0

  • Phpmyadmin 2.11.10.1

  • Phpmyadmin 2.11.2.0

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3.0

  • Phpmyadmin 2.11.4.0

  • Phpmyadmin 2.11.5.0

  • Phpmyadmin 2.11.5.1

  • Phpmyadmin 2.11.5.2

  • Phpmyadmin 2.11.6.0

  • Phpmyadmin 2.11.7.0

  • Phpmyadmin 2.11.7.1

  • Phpmyadmin 2.11.8.0

  • Phpmyadmin 2.11.9.0

  • Phpmyadmin 2.11.9.1

  • Phpmyadmin 2.11.9.2

  • Phpmyadmin 2.11.9.3

  • Phpmyadmin 2.11.9.4

  • Phpmyadmin 2.11.9.5

  • Phpmyadmin 2.11.9.6

  • Phpmyadmin 2.2.0

  • Phpmyadmin 2.2.2

  • Phpmyadmin 2.2.3

  • Phpmyadmin 2.2.4

  • Phpmyadmin 2.2.5

  • Phpmyadmin 2.2.6

  • Phpmyadmin 2.3.1

  • Phpmyadmin 2.3.2

  • Phpmyadmin 2.4.0

  • Phpmyadmin 2.5.0

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.3

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.7

  • Phpmyadmin 2.6.1

  • Phpmyadmin 2.6.2

  • Phpmyadmin 2.6.3

  • Phpmyadmin 2.6.4

  • Phpmyadmin 2.7.0

  • Phpmyadmin 2.8.0

  • Phpmyadmin 2.8.0.1

  • Phpmyadmin 2.8.0.2

  • Phpmyadmin 2.8.0.3

  • Phpmyadmin 2.8.1

  • Phpmyadmin 2.8.2

  • Phpmyadmin 2.8.3

  • Phpmyadmin 2.8.4

  • Phpmyadmin 2.9.0

  • Phpmyadmin 2.9.0.1

  • Phpmyadmin 2.9.0.2

  • Phpmyadmin 2.9.0.3

  • Phpmyadmin 2.9.1

  • Phpmyadmin 2.9.1.1

  • Phpmyadmin 2.9.2


References

BID - 26513

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8

SECUNIA - 27748

XF - phpmyadmin-loginpage-xss(38601)

VUPEN - ADV-2007-3943

MISC - http://www.nth-dimension.org.uk/pub/NDSA20071119.txt.asc

SECUNIA - 29323

SUSE - SUSE-SR:2008:006


Last Updated: 27 May 2016 10:46:22