[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-4775Date: (C)2008-10-28   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/497815/100/0/threaded
BID-31928
SECUNIA-32449
SECUNIA-32482
SREASON-4516
ADV-2008-2943
FEDORA-2008-9316
FEDORA-2008-9336
GLSA-200903-32
phpmyadmin-pmdpdf-xss(46136)

CPE    3
cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2
cpe:/a:phpmyadmin:phpmyadmin:3.0.0
cpe:/a:phpmyadmin:phpmyadmin:3.0.1
CWE    1
CWE-79

© SecPod Technologies