Description
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Oriol Torrent Santiago · textwebappsphp
https://www.exploit-db.com/exploits/25330
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111264361622660&w=2
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12982
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14799
Vendor Advisory x_refsource_misc
http://www.arrelnet.com/advisories/adv20050403.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19940
Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200504-08.xml
Scores
EPSS
0.1016
EPSS Percentile
93.2%
Details
Status
published
Products (42)
phpmyadmin/phpmyadmin
2.0
phpmyadmin/phpmyadmin
2.0.1
phpmyadmin/phpmyadmin
2.0.2
phpmyadmin/phpmyadmin
2.0.3
phpmyadmin/phpmyadmin
2.0.4
phpmyadmin/phpmyadmin
2.0.5
phpmyadmin/phpmyadmin
2.1
phpmyadmin/phpmyadmin
2.1.1
phpmyadmin/phpmyadmin
2.1.2
phpmyadmin/phpmyadmin
2.2
... and 32 more
Published
May 02, 2005
Tracked Since
Feb 18, 2026