CVE-2006-6942
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
19/01/2007
Last modified:
29/07/2017
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* | 2.9.1 (including) | |
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_beta1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=116370414309444&w=2
- http://secunia.com/advisories/26733
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7
- http://www.securityfocus.com/bid/21137
- http://www.us.debian.org/security/2007/dsa-1370
- http://www.vupen.com/english/advisories/2006/4572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30310