PhpMyAdmin Unspecified SQL Injection And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

phpMyAdmin is prone to SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user- supplied data. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to phpMyAdmin 2.11.9.6 and 3.2.2.1 are affected.

Solution

Vendor updates are available. Please see the references for details.

References

http://freshmeat.net/projects/phpmyadmin/releases/306667
http://freshmeat.net/projects/phpmyadmin/releases/306669
http://www.phpmyadmin.net/
http://www.securityfocus.com/bid/36658

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3696

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache Archiva Multiple Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities

phpMyAdmin Unspecified SQL Injection and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities