Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2008-3457
Last Modified: 07 Mar 2011 10:10:51
Published: 04 Aug 2008 03:41:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2008-3457

Summary

Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.

Vulnerable Systems

Application

  • Phpmyadmin 2.0

  • Phpmyadmin 2.0.0

  • Phpmyadmin 2.0.1

  • Phpmyadmin 2.0.2

  • Phpmyadmin 2.0.3

  • Phpmyadmin 2.0.4

  • Phpmyadmin 2.0.5

  • Phpmyadmin 2.1

  • Phpmyadmin 2.1.0

  • Phpmyadmin 2.1.1

  • Phpmyadmin 2.1.2

  • Phpmyadmin 2.10.0

  • Phpmyadmin 2.10.0.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.01

  • Phpmyadmin 2.10.1

  • Phpmyadmin 2.10.1.0

  • Phpmyadmin 2.10.2

  • Phpmyadmin 2.10.2.0

  • Phpmyadmin 2.10.3

  • Phpmyadmin 2.10.3.0

  • Phpmyadmin 2.11.0

  • Phpmyadmin 2.11.0.0

  • Phpmyadmin 2.11.1

  • Phpmyadmin 2.11.1.0

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.2

  • Phpmyadmin 2.11.2.0

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3

  • Phpmyadmin 2.11.3.0

  • Phpmyadmin 2.11.4

  • Phpmyadmin 2.11.4.0

  • Phpmyadmin 2.11.5

  • Phpmyadmin 2.11.5.0

  • Phpmyadmin 2.11.5.1

  • Phpmyadmin 2.11.5.2

  • Phpmyadmin 2.11.6

  • Phpmyadmin 2.11.7.0


References

FEDORA - FEDORA-2008-6868

FEDORA - FEDORA-2008-6810

MISC - http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf

XF - phpmyadmin-setup-configinc-xss(44052)

VUPEN - ADV-2008-2226

BID - 30420

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6

MANDRIVA - MDVSA-2008:202

DEBIAN - DSA-1641

SECUNIA - 32834

SECUNIA - 31312

SECUNIA - 31263

SUSE - SUSE-SR:2008:026


Last Updated: 27 May 2016 10:48:12