phpMyAdmin Cross-Site Scripting Vulnerabilities
Written by Marcelo Almeida (Vympel)   
Tuesday, 24 June 2008
Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...

Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.
The vulnerabilities are reported in versions prior to 2.11.7.

Solution:
Update to version 2.11.7.
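
An added example, not part of the original advisory or of phpMyAdmin: a Python triage helper that checks one installation against the three conditions stated above (version prior to 2.11.7, "register_globals" enabled, files under /libraries served directly). The function names, the constructed php.ini sample and the use of an HTTP status that an administrator observed on their own host are assumptions made for illustration.

```python
import re

FIXED = (2, 11, 7)  # first fixed release named in the advisory

# Constructed sample php.ini text (not taken from any real host).
SAMPLE_INI = "; sample\nregister_globals = Off\n;register_globals = Off\nregister_globals = On ; legacy app\n"

def is_prior_to_fix(version):
    """True if a phpMyAdmin version string is older than 2.11.7."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (len(FIXED) - len(nums))  # "2.11" -> (2, 11, 0)
    # Conservative choice: a pre-release of 2.11.7 (e.g. "2.11.7-rc1") counts as prior.
    prerelease = re.search(r"rc|beta|alpha|dev", m.group(2), re.I) is not None
    return nums < FIXED or (nums == FIXED and prerelease)

def register_globals_on(php_ini_text):
    """Effective register_globals value in php.ini text; the last assignment wins.
    Per-directory overrides (php_flag in server config) are not inspected here."""
    value = "off"  # assumption: the directive is off when absent
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop ini comments
        m = re.match(r"\s*register_globals\s*=\s*\"?(\w+)", line, re.I)
        if m:
            value = m.group(1).lower()
    return value in ("1", "on", "true", "yes")

def assess(version, php_ini_text, libraries_status):
    """Combine the three conditions. libraries_status is the HTTP status seen
    when requesting a file under /libraries; a 2xx answer means the directory
    is not being blocked (for example because .htaccess files are ignored)."""
    findings = {
        "version_prior_to_2.11.7": is_prior_to_fix(version),
        "register_globals_enabled": register_globals_on(php_ini_text),
        "libraries_served": 200 <= libraries_status < 300,
    }
    findings["exposed"] = all(findings.values())
    return findings

if __name__ == "__main__":
    for name, hit in assess("2.11.6", SAMPLE_INI, 200).items():
        print("%-28s %s" % (name, hit))
```

Updating to 2.11.7 remains the fix; the other two findings only show whether the preconditions for exploitation are present on an installation that has not yet been updated.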

Provided and/or discovered by:
The vendor credits Tim Starling, Wikimedia

Original Advisory:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4

Original Article:
http://secunia.com/advisories/30813/


Comments Index (Total Messages: 1)
isyan Written by Guest on 2008-08-17 17:23:00
