CVE-2006-6942 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php; (2) the db parameter to (b) db_create.php; (3) the newname parameter to db_operations.php; the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php; and (7) the pos parameter to (d) sql.php.
Reference
http://marc.info/?l=bugtraq&m=116370414309444&w=2
http://secunia.com/advisories/26733
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7
http://www.securityfocus.com/bid/21137
http://www.us.debian.org/security/2007/dsa-1370
http://www.vupen.com/english/advisories/2006/4572
https://exchange.xforce.ibmcloud.com/vulnerabilities/30310