ID CVE-2006-2418
Summary Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3
CVSS
Base: 6.8 (as of 17-05-2006 - 15:55)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PHPMYADMIN-1581.NASL
    description Missing checks of the 'db' and 'theme' parameters could be exploited for cross site scripting attacks (CVE-2006-2417, CVE-2006-2418).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27393
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27393
    title openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-1581)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1207.NASL
    description The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. - CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. - CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. - CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. - CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23656
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23656
    title Debian DSA-1207-2 : phpmyadmin - several vulnerabilities
refmap via4
bid 17973
confirm http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
debian DSA-1207
secunia
  • 20113
  • 20627
  • 22781
suse SUSE-SR:2006:013
vupen ADV-2006-1794
xf phpmyadmin-db-xss(26441)
Last major update 07-03-2011 - 21:36
Published 16-05-2006 - 06:02
Last modified 19-07-2017 - 21:31