Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1940

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1940
Last Modified 05 Nov 2012 11:57:39
Published 26 Jan 2012 10:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1940

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

Vulnerable Systems

Application

  • Phpmyadmin 3.3.0.0

  • Phpmyadmin 3.3.1.0

  • Phpmyadmin 3.3.10.0

  • Phpmyadmin 3.3.2.0

  • Phpmyadmin 3.3.3.0

  • Phpmyadmin 3.3.4.0

  • Phpmyadmin 3.3.5.0

  • Phpmyadmin 3.3.5.1

  • Phpmyadmin 3.3.6

  • Phpmyadmin 3.3.7

  • Phpmyadmin 3.3.8

  • Phpmyadmin 3.3.8.1

  • Phpmyadmin 3.3.9.0

  • Phpmyadmin 3.3.9.1

  • Phpmyadmin 3.3.9.2

  • Phpmyadmin 3.4.0.0


References

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287

DEBIAN - DSA-2391


Last Updated: 27 May 2016 10:57:24