FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- multiple XSS vulnerabilities

Affected packages
phpMyAdmin < 3.4.5

Details

VuXML ID e44fe906-df27-11e0-a333-001cc0a36e12
Discovery 2011-09-11
Entry 2011-09-14

The phpMyAdmin development team reports:

Firstly, if a row contains JavaScript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities.

Versions 3.4.0 to 3.4.4 were found vulnerable.

References

URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php