PhpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability Network Vulnerability

Summary

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to phpMyAdmin 3.3.6 are vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.phpmyadmin.net/
http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
https://www.securityfocus.com/bid/42874

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-2958

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

/cgi-bin directory browsable ?
AMSI 'file' Parameter Directory Traversal Vulnerability
Apache Subversion Module Metadata Accessible
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability

phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities