Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4775

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-4775
Last Modified 07 Mar 2011 10:13:16
Published 28 Oct 2008 03:46:09
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4775

Summary

Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

Vulnerable Systems

Application

  • Phpmyadmin 2.11.9.2

  • Phpmyadmin 3.0.0

  • Phpmyadmin 3.0.1


References

FEDORA - FEDORA-2008-9336

FEDORA - FEDORA-2008-9316

XF - phpmyadmin-pmdpdf-xss(46136)

VUPEN - ADV-2008-2943

BID - 31928

BUGTRAQ - 20081027 XSS in phpMyadmin

SREASON - 4516

GENTOO - GLSA-200903-32

SECUNIA - 32482

SECUNIA - 32449


Last Updated: 27 May 2016 10:48:38