Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2960

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-2960
Last Modified 07 Mar 2011 10:10:01
Published 02 Jul 2008 01:14:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-2960

Summary

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.

Vulnerable Systems

Application

  • Phpmyadmin 2.10.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.1

  • Phpmyadmin 2.10.2

  • Phpmyadmin 2.10.3

  • Phpmyadmin 2.10.3rc1

  • Phpmyadmin 2.11.0

  • Phpmyadmin 2.11.0beta1

  • Phpmyadmin 2.11.0rc1

  • Phpmyadmin 2.11.1

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.1rc1

  • Phpmyadmin 2.11.2

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3

  • Phpmyadmin 2.11.3rc1

  • Phpmyadmin 2.11.4

  • Phpmyadmin 2.11.4rc1

  • Phpmyadmin 2.11.5

  • Phpmyadmin 2.11.5.1

  • Phpmyadmin 2.11.5.2

  • Phpmyadmin 2.11.5rc1

  • Phpmyadmin 2.11.6

  • Phpmyadmin 2.11.6rc1


References

XF - phpmyadmin-libraryfiles-xss(43320)

VUPEN - ADV-2008-1904

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4

CONFIRM - http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

MLIST - [oss-security] 20080716 Re: CVE request: phpmyadmin < 2.11.7.1

MANDRIVA - MDVSA-2008:131

SECUNIA - 33822

SECUNIA - 30816

SECUNIA - 30813

SUSE - SUSE-SR:2009:003


Last Updated: 27 May 2016 10:48:02