Computer Security

Security Advisory: about phpMyAdmin setup.php XSS vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Multiple CSRF in SimplePHPBlog

  WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities

  WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities

From:Marc Delisle <Marc.Delisle_(at)_cegepsherbrooke.qc.ca>
Date:18.10.2007
Subject:about phpMyAdmin setup.php XSS vulnerability

Hi,

phpMyAdmin version 2.11.1.1 was released to fix this, along with a
security announcement:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5

which contains a mitigating factor:

"We could only trigger it when using Internet Explorer with the 'send
URLs as UTF8' setting disabled. The default value of this setting being
'enabled' reduces the impact of this problem."

For distros who prefer a small patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/php
MyAdmin/scripts/setup.php?r1=10637&r2=10748&view=patch

Marc Delisle, for the team
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru