DSA-1693 phppgadmin -- several vulnerabilitiesID: oval:org.mitre.oval:def:7719 | Date: (C)2009-12-15 (M)2021-06-06 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via the server parameter. Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via PHP_SELF. Directory traversal vulnerability allows remote attackers to read arbitrary files via _language parameter. For the stable distribution (etch), these problems have been fixed in version 4.0.1-3.1etch2. For the unstable distribution (sid), these problems have been fixed in version 4.2.1-1.1. We recommend that you upgrade your phppgadmin package.