|
|
CVE Reference: CVE-2006-6942 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-6942 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/30310 SAID Secunia Advisory: SA26733 DEBIAN http://www.us.debian.org/security/2007/dsa-1370 CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=116370414309444&w=2 BID 21137 |
|
| Return to the previous page. |
