ID CVE-2006-3388
Summary Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.0
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.0
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.4
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.4
  • phpMYAdmin 2.0.5
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.5
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.4
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.4
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.5
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.5
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.6
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.6
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.2
  • phpMYAdmin 2.4.0
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.4.0
  • phpMYAdmin 2.5.0
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.0
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_rc1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_rc1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl4
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl4
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.7
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.7
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_beta1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_beta1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.7_pl1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.7_pl1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4
CVSS
Base: 5.8 (as of 07-07-2006 - 13:38)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
NASL family SuSE Local Security Checks
NASL id SUSE_PHPMYADMIN-2300.NASL
description This patch upgrades the phpMyAdmin package to version 2.9.1.1, including fixes for the security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718.
last seen 2019-02-21
modified 2018-07-19
plugin id 27395
published 2007-10-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=27395
title openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2300)
refmap via4
bid 18754
bugtraq 20060630 phpMyAdmin : Cross-Site Scripting Vulnerability
confirm http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4
misc http://securitynews.ir/advisories/phpmyadmin281.txt
secunia
  • 20907
  • 23086
sreason 1194
suse SUSE-SA:2006:071
vupen ADV-2006-2622
xf phpmyadmin-table-xss(27493)
Last major update 07-03-2011 - 21:38
Published 06-07-2006 - 16:05
Last modified 18-10-2018 - 12:47
Back to Top