FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-3696

This CVE name corresponds to:

Entered Topic
2009-10-13 phpmyadmin -- XSS and SQL injection vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-3696
Phase Assigned (20091013)

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

References

Source Reference
MLIST [oss-security] 20091014 CVE Request -- phpMyAdmin
MLIST [oss-security] 20091015 Re: CVE Request -- phpMyAdmin
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=288899
CONFIRM http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html
CONFIRM http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html
CONFIRM http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=528769
CONFIRM http://freshmeat.net/projects/phpmyadmin/releases/306667
CONFIRM http://freshmeat.net/projects/phpmyadmin/releases/306669
CONFIRM http://typo3.org/extensions/repository/view/phpmyadmin/4.5.0/
CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-015/
FEDORA FEDORA-2009-10510
FEDORA FEDORA-2009-10530
MANDRIVA MDVSA-2009:274
SUSE SUSE-SR:2009:017
BID 36658
SECUNIA 37016
VUPEN ADV-2009-2899
XF phpmyadmin-tablename-xss(53742)