|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
phpMyAdmin: Cross Site Scripting of setup.php
Synthesis of the vulnerability
An attacker can use parameters of setup.php script in order to inject HTML code in phpMyAdmin.
Impacted products: Debian, Fedora, phpMyAdmin.
Severity of this bulletin: 2/4.
Consequences of an intrusion: client access/rights.
Hacker's origin: document.
Creation date: 11/10/2007.
Références of this threat: 071009a, BID-26020, CVE-2007-5386, DSA-1403-1, FEDORA-2007-2738, FEDORA-2007-3639, MDKSA-2007:199, PMASA-2007-5, VIGILANCE-VUL-7245.
Description of the vulnerability
The phpMyAdmin program is used to administer a MySQL database.
This vulnerability therefore permits an attacker to conduct a Cross Site Scripting attack, when victim is authenticated on phpMyAdmin.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides network vulnerability alerts. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.