FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Cross Site Scripting Vulnerabilities

Affected packages
phpMyAdmin < 2.11.7


VuXML ID e285a1f4-4568-11dd-ae96-0030843d3802
Discovery 2008-06-23
Entry 2008-06-28
Modified 2010-05-12

Secunia report:

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.


CVE Name CVE-2008-2960