CVE-2006-1678: XSS
First published: Mon Apr 10 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/phpmyadmin | 4:5.0.4+dfsg2-2+deb11u1 4:5.2.1+dfsg-1 | |
| PhpMyAdmin | =2.0.0 | |
| PhpMyAdmin | =2.0.1 | |
| PhpMyAdmin | =2.0.2 | |
| PhpMyAdmin | =2.0.3 | |
| PhpMyAdmin | =2.0.4 | |
| PhpMyAdmin | =2.0.5 | |
| PhpMyAdmin | =2.1.0 | |
| PhpMyAdmin | =2.1.1 | |
| PhpMyAdmin | =2.1.2 | |
| PhpMyAdmin | =2.2.0 | |
| PhpMyAdmin | =2.2.0_pre1 | |
| PhpMyAdmin | =2.2.0_pre2 | |
| PhpMyAdmin | =2.2.0_rc1 | |
| PhpMyAdmin | =2.2.0_rc2 | |
| PhpMyAdmin | =2.2.0_rc3 | |
| PhpMyAdmin | =2.2.2 | |
| PhpMyAdmin | =2.2.3 | |
| PhpMyAdmin | =2.2.4 | |
| PhpMyAdmin | =2.2.5 | |
| PhpMyAdmin | =2.2.6 | |
| PhpMyAdmin | =2.3.1 | |
| PhpMyAdmin | =2.3.2 | |
| PhpMyAdmin | =2.4.0 | |
| PhpMyAdmin | =2.5.0 | |
| PhpMyAdmin | =2.5.1 | |
| PhpMyAdmin | =2.5.2 | |
| PhpMyAdmin | =2.5.3 | |
| PhpMyAdmin | =2.5.4 | |
| PhpMyAdmin | =2.5.5 | |
| PhpMyAdmin | =2.5.5_pl1 | |
| PhpMyAdmin | =2.5.5_rc1 | |
| PhpMyAdmin | =2.5.5_rc2 | |
| PhpMyAdmin | =2.5.6_rc1 | |
| PhpMyAdmin | =2.5.7 | |
| PhpMyAdmin | =2.5.7_pl1 | |
| PhpMyAdmin | =2.6.0_pl1 | |
| PhpMyAdmin | =2.6.0_pl2 | |
| PhpMyAdmin | =2.6.0_pl3 | |
| PhpMyAdmin | =2.6.1 | |
| PhpMyAdmin | =2.6.1_pl1 | |
| PhpMyAdmin | =2.6.1_pl3 | |
| PhpMyAdmin | =2.6.1_rc1 | |
| PhpMyAdmin | =2.6.2 | |
| PhpMyAdmin | =2.6.2_rc1 | |
| PhpMyAdmin | =2.6.3_pl1 | |
| PhpMyAdmin | =2.6.4_pl1 | |
| PhpMyAdmin | =2.6.4_pl3 | |
| PhpMyAdmin | =2.6.4_pl4 | |
| PhpMyAdmin | =2.6.4_rc1 | |
| PhpMyAdmin | =2.7.0 | |
| PhpMyAdmin | =2.7.0_beta1 | |
| PhpMyAdmin | =2.7.0_pl1 | |
| PhpMyAdmin | =2.7.0_pl2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-1
- http://www.securityfocus.com/bid/17390
- http://secunia.com/advisories/19556
- http://www.osvdb.org/24450
- http://www.novell.com/linux/security/advisories/2006_04_28.html
- http://secunia.com/advisories/19897
- http://www.debian.org/security/2006/dsa-1207
- http://secunia.com/advisories/22781
- http://www.vupen.com/english/advisories/2006/1263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25689
- https://www.phpmyadmin.net/security/PMASA-2006-1/
- https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b
- https://security-tracker.debian.org/tracker/CVE-2006-1678
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1678
- https://security-tracker.debian.org/tracker/CVE-2005-3621
- https://security-tracker.debian.org/tracker/CVE-2005-3665
- https://security-tracker.debian.org/tracker/CVE-2005-3787
- https://security-tracker.debian.org/tracker/CVE-2006-1258
- https://security-tracker.debian.org/tracker/CVE-2006-1803
- https://security-tracker.debian.org/tracker/CVE-2006-1804
- https://security-tracker.debian.org/tracker/CVE-2006-2031
- https://security-tracker.debian.org/tracker/CVE-2006-2417
- https://security-tracker.debian.org/tracker/CVE-2006-2418
- https://security-tracker.debian.org/tracker/CVE-2006-3388
- http://www.a-eskwadraat.nl/~kink/debian/
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362567
Frequently Asked Questions
What is the severity of CVE-2006-1678?
CVE-2006-1678 is classified as a high severity vulnerability due to its potential for remote code execution through cross-site scripting.
How do I fix CVE-2006-1678?
To fix CVE-2006-1678, it is recommended to upgrade phpMyAdmin to version 2.8.0.3 or later.
Which software versions are affected by CVE-2006-1678?
CVE-2006-1678 affects multiple phpMyAdmin versions prior to 2.8.0.3, including 2.1.1 up to 2.7.0.
What types of attacks are enabled by CVE-2006-1678?
CVE-2006-1678 enables remote attackers to inject arbitrary HTML or web scripts, leading to cross-site scripting attacks.
Where can I find more information about CVE-2006-1678?
Further details about CVE-2006-1678 can be found in the official phpMyAdmin security announcements and vulnerability disclosures.
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2006-1678
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/phpmyadmin
- product/phpmyadmin
- canonical/phpmyadmin phpmyadmin
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- canonical/phpmyadmin
- version/phpmyadmin/2.1.1
- version/phpmyadmin/2.7.0
- version/phpmyadmin/2.7.0_pl1
- version/phpmyadmin/2.6.4_rc1
- version/phpmyadmin/2.2.4
- version/phpmyadmin/2.1.2
- version/phpmyadmin/2.2.0_rc2
- version/phpmyadmin/2.5.0
- version/phpmyadmin/2.2.0_rc1
- version/phpmyadmin/2.6.4_pl1
- version/phpmyadmin/2.0.4
- version/phpmyadmin/2.6.1
- version/phpmyadmin/2.6.1_pl3
- version/phpmyadmin/2.3.1
- version/phpmyadmin/2.7.0_pl2
- version/phpmyadmin/2.0.2
- version/phpmyadmin/2.5.5_rc1
- version/phpmyadmin/2.6.0_pl3
- version/phpmyadmin/2.5.7_pl1
- version/phpmyadmin/2.4.0
- version/phpmyadmin/2.5.5
- version/phpmyadmin/2.5.7
- version/phpmyadmin/2.6.2_rc1
- version/phpmyadmin/2.5.6_rc1
- version/phpmyadmin/2.0.3
- version/phpmyadmin/2.6.1_pl1
- version/phpmyadmin/2.2.0_pre1
- version/phpmyadmin/2.2.6
- version/phpmyadmin/2.6.0_pl1
- version/phpmyadmin/2.6.4_pl3
- version/phpmyadmin/2.1.0
- version/phpmyadmin/2.5.2
- version/phpmyadmin/2.0.1
- version/phpmyadmin/2.6.2
- version/phpmyadmin/2.5.1
- version/phpmyadmin/2.6.0_pl2
- version/phpmyadmin/2.3.2
- version/phpmyadmin/2.2.0_rc3
- version/phpmyadmin/2.5.4
- version/phpmyadmin/2.2.5
- version/phpmyadmin/2.5.3
- version/phpmyadmin/2.6.4_pl4
- version/phpmyadmin/2.2.2
- version/phpmyadmin/2.2.0
- version/phpmyadmin/2.2.3
- version/phpmyadmin/2.5.5_rc2
- version/phpmyadmin/2.0.0
- version/phpmyadmin/2.2.0_pre2
- version/phpmyadmin/2.6.3_pl1
- version/phpmyadmin/2.6.1_rc1
- version/phpmyadmin/2.7.0_beta1
- version/phpmyadmin/2.5.5_pl1
- version/phpmyadmin/2.0.5