CVE-2006-2418 - Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow re

CVE-2006-2418

Summary

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. Some releases of phpMyAdmin before 2.8.0.4 are affected (2.6.2 tested vulnerable). This vulnerability is addressed in the following product release: phpMyAdmin, phpMyAdmin, 2.8.0.4

References

Vulnerable Configurations

cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	17973
confirm	http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
debian	DSA-1207
secunia	20113 20627 22781
suse	SUSE-SR:2006:013
vupen	ADV-2006-1794
xf	phpmyadmin-db-xss(26441)

Last major update

20-07-2017 - 01:31

Published

16-05-2006 - 10:02

Last modified

20-07-2017 - 01:31