OSVDB ID: 47487

Title: phpMyAdmin setup.php Configuration Manipulation Based XSS

Info

Disclosure

Jul 28, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
OSVDB: Web Related

Solution

Upgrade to version 2.11.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

phpMyAdmin Devel Team

phpMyAdmin

2.11.7 and lower

References

CVE ID: 2008-3457 (see also: NVD)
Secunia Advisory ID: 31263 31312 31960 32834
Related OSVDB ID: 47486
VUPEN Advisory: ADV-2008-2226
Other Advisory URL: http://lists.debian.org/debian-security-announce/2008/msg00230.html
http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf
Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Vendor Specific Advisory URL: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
https://moodle.org/mod/forum/discuss.php?d=102261

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/47487