February 2005
Secunia Security Advisory: phpMyAdmin - multiple cross-site scripting vulnerabilities
ID: 00176
Ref: 159/2005
Date: 28 February 2005:14:45:07
Version: 1
Title: Secunia Security Advisory: phpMyAdmin - multiple cross-site scripting vulnerabilities
Abstract:
Vendors affected: Secunia
Operating systems affected: Secunia
Applications affected: Secunia
Detail
======
phpMyAdmin is a commonly used MySQL database administration tool.
Versions 2.6.1 and prior contain multiple cross-site scripting
vulnerabilities. Successful exploitation allows an attacker to execute
arbitrary scripted content in a user's web browser in the context of
the site running phpMyAdmin.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
ESB-2005.0191 -- phpMyAdmin
multiple cross-site scripting vulnerabilities
25 February 2005
===========================================================================
Product:           phpMyAdmin
Operating System:  UNIX variants
                   Linux variants
                   Windows
Impact:            Cross-site Scripting
Access:            Remote/Unauthenticated
- - --------------------------BEGIN INCLUDED TEXT--------------------
PROBLEM:
phpMyAdmin is a commonly used MySQL database administration tool.
Versions 2.6.1 and prior contain multiple cross-site scripting
vulnerabilities. Successful exploitation allows an attacker to execute
arbitrary scripted content in a user's web browser in the context of
the site running phpMyAdmin.
Note that these vulnerabilities are not exploitable if PHP is
configured with register_globals = off.
MITIGATION:
phpMyAdmin 2.6.1-pl2 has been released fixing these vulnerabilities.
REFERENCES:
[1] Secunia Advisory SA14382
http://secunia.com/advisories/14382/
- - --------------------------END INCLUDED TEXT--------------------
- -----END PGP SIGNATURE-----
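
The bulletin's two conditions (a release earlier than 2.6.1-pl2, and register_globals enabled) can be checked per installation. The following is an added example, not part of the advisory or of phpMyAdmin. It assumes the version string and the php.ini text are already in hand, that 2.6.1-pl1 counts as unfixed, and that suffixes order as alpha < beta < rc < release < pl. It reads php.ini only and does not inspect per-directory overrides.

```python
import re

FIXED = "2.6.1-pl2"  # fixed release named in the advisory
SUFFIX_RANK = {"alpha": -3, "beta": -2, "rc": -1, None: 0, "pl": 1}  # assumed ordering

def version_key(version):
    """Sortable key for strings like 2.6.1, 2.6.1-rc1, 2.6.1-pl2."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc|pl)(\d*))?",
                     version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad so 2.6 compares like 2.6.0
    # Pre-releases sort before the plain release, patch levels after it.
    return nums, SUFFIX_RANK[m.group(2)], int(m.group(3) or 0)

def register_globals_on(php_ini_text):
    """Effective register_globals in php.ini text; the last assignment wins."""
    value = "off"  # directive absent: PHP's default has been Off since 4.2.0
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.fullmatch(r"register_globals\s*=\s*(.*)", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip().strip("\"'").lower()
    return value in {"1", "on", "true", "yes"}

def assess(version, php_ini_text):
    """Classify one installation against the advisory's two conditions."""
    unfixed = version_key(version) < version_key(FIXED)
    if unfixed and register_globals_on(php_ini_text):
        return "EXPOSED"            # upgrade, and turn register_globals off
    if unfixed:
        return "UNFIXED_MITIGATED"  # still upgrade to 2.6.1-pl2
    return "FIXED"

# Constructed sample: a later duplicate line silently re-enables the setting.
SAMPLE_INI = """\
[PHP]
register_globals = Off   ; first assignment
register_globals = On    ; later duplicate wins
"""

if __name__ == "__main__":
    for v in ("2.6.1-rc1", "2.6.1", "2.6.1-pl1", "2.6.1-pl2", "2.6.2"):
        print(v, assess(v, SAMPLE_INI))
```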