First published: Mon Jul 25 2011(Updated: )
An cross-site scripting (XSS) flaw was found in the way phpMyAdmin, the MySQL over WWW administration tool, displayed table names in multi tables printview. A remote attacker, able to create a particular table on the victim's server, could provide a specially-crafted URL, which once visited by valid phpMyAdmin user could lead to arbitrary JavaScript code execution. References: [1] <a href="http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php">http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php</a> [2] <a href="http://www.phpmyadmin.net/home_page/news.php">http://www.phpmyadmin.net/home_page/news.php</a> Upstream patches: [3] <a href="http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=a0823be05aa5835f207c0838b9cca67d2d9a050a">http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=a0823be05aa5835f207c0838b9cca67d2d9a050a</a> [4] <a href="http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=4bd27166c314faa37cada91533b86377f4d4d214">http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=4bd27166c314faa37cada91533b86377f4d4d214</a> [5] <a href="http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=8ac8328229ae7493d6060b6272578d85879c698d">http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=8ac8328229ae7493d6060b6272578d85879c698d</a> (against the 3.3 branch)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
phpMyAdmin phpMyAdmin | =3.0.1.1 | |
phpMyAdmin phpMyAdmin | =3.2.1 | |
phpMyAdmin phpMyAdmin | =3.3.10.0 | |
phpMyAdmin phpMyAdmin | =2.11.1.2 | |
phpMyAdmin phpMyAdmin | =3.1.4 | |
phpMyAdmin phpMyAdmin | =3.1.3 | |
phpMyAdmin phpMyAdmin | =2.11.5.1 | |
phpMyAdmin phpMyAdmin | =2.11.5.0 | |
phpMyAdmin phpMyAdmin | =3.3.8.1 | |
phpMyAdmin phpMyAdmin | =3.2.0 | |
phpMyAdmin phpMyAdmin | =3.3.10.1 | |
phpMyAdmin phpMyAdmin | =3.2.1-rc1 | |
phpMyAdmin phpMyAdmin | =3.1.2 | |
phpMyAdmin phpMyAdmin | =2.11.9.0 | |
phpMyAdmin phpMyAdmin | =3.1.0-beta1 | |
phpMyAdmin phpMyAdmin | =2.11.9.1 | |
phpMyAdmin phpMyAdmin | =3.3.3.0 | |
phpMyAdmin phpMyAdmin | =3.0.0-alpha | |
phpMyAdmin phpMyAdmin | =3.3.4.0 | |
phpMyAdmin phpMyAdmin | =3.3.9.2 | |
phpMyAdmin phpMyAdmin | =3.1.0 | |
phpMyAdmin phpMyAdmin | =2.11.5.2 | |
phpMyAdmin phpMyAdmin | =2.11.2.2 | |
phpMyAdmin phpMyAdmin | =3.0.0 | |
phpMyAdmin phpMyAdmin | =3.2.0-beta1 | |
phpMyAdmin phpMyAdmin | =2.11.8.0 | |
phpMyAdmin phpMyAdmin | =3.3.1.0 | |
phpMyAdmin phpMyAdmin | =3.3.7 | |
phpMyAdmin phpMyAdmin | =3.0.0-rc1 | |
phpMyAdmin phpMyAdmin | =2.11.4.0 | |
phpMyAdmin phpMyAdmin | =3.1.5-rc1 | |
phpMyAdmin phpMyAdmin | =2.11.2.1 | |
phpMyAdmin phpMyAdmin | =3.1.5 | |
phpMyAdmin phpMyAdmin | =3.1.1-rc1 | |
phpMyAdmin phpMyAdmin | =3.1.4-rc2 | |
phpMyAdmin phpMyAdmin | =3.3.5.0 | |
phpMyAdmin phpMyAdmin | <=3.3.10.2 | |
phpMyAdmin phpMyAdmin | =2.11.9.5 | |
phpMyAdmin phpMyAdmin | =2.11.10.0 | |
phpMyAdmin phpMyAdmin | =3.1.1 | |
phpMyAdmin phpMyAdmin | =2.11.6.0 | |
phpMyAdmin phpMyAdmin | =3.3.0.0 | |
phpMyAdmin phpMyAdmin | =3.3.6 | |
phpMyAdmin phpMyAdmin | =3.3.2.0 | |
phpMyAdmin phpMyAdmin | =2.11.7.0 | |
phpMyAdmin phpMyAdmin | =3.3.9.0 | |
phpMyAdmin phpMyAdmin | =2.11.9.6 | |
phpMyAdmin phpMyAdmin | =3.1.3-rc1 | |
phpMyAdmin phpMyAdmin | =3.1.3.2 | |
phpMyAdmin phpMyAdmin | =2.11.2.0 | |
phpMyAdmin phpMyAdmin | =2.11.9.2 | |
phpMyAdmin phpMyAdmin | =2.11.9.3 | |
phpMyAdmin phpMyAdmin | =3.3.5.1 | |
phpMyAdmin phpMyAdmin | =3.0.0-beta | |
phpMyAdmin phpMyAdmin | =3.3.9.1 | |
phpMyAdmin phpMyAdmin | =2.11.1.1 | |
phpMyAdmin phpMyAdmin | =3.0.1 | |
phpMyAdmin phpMyAdmin | =2.11.9.4 | |
phpMyAdmin phpMyAdmin | =3.1.3.1 | |
phpMyAdmin phpMyAdmin | =2.11.7.1 | |
phpMyAdmin phpMyAdmin | =2.11.3.0 | |
phpMyAdmin phpMyAdmin | =3.1.2-rc1 | |
phpMyAdmin phpMyAdmin | =3.3.8 | |
phpMyAdmin phpMyAdmin | =3.2.0-rc1 | |
phpMyAdmin phpMyAdmin | =3.2.2 | |
phpMyAdmin phpMyAdmin | =3.0.1-rc1 | |
phpMyAdmin phpMyAdmin | =2.11.1.0 | |
phpMyAdmin phpMyAdmin | =3.2.2-rc1 | |
phpMyAdmin phpMyAdmin | =2.11.0 | |
phpMyAdmin phpMyAdmin | =2.11.10.1 | |
phpMyAdmin phpMyAdmin | =3.4.0.0 | |
phpMyAdmin phpMyAdmin | =3.4.3.1 | |
phpMyAdmin phpMyAdmin | =3.4.1.0 | |
phpMyAdmin phpMyAdmin | =3.4.2.0 | |
phpMyAdmin phpMyAdmin | =3.4.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.