Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Michal Cihar · textwebappsphp
https://www.exploit-db.com/exploits/26199
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_28_sr.html
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html
Exploit, Vendor Advisory x_refsource_confirm
http://sourceforge.net/tracker/index.php?func=detail&aid=1265740&group_id=23067&atid=377408
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17607
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17559
Exploit, Vendor Advisory x_refsource_confirm
http://sourceforge.net/tracker/index.php?func=detail&aid=1240880&group_id=23067&atid=377408
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-880
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17337
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16605
Scores
EPSS
0.1181
EPSS Percentile
93.8%
Details
Status
published
Products (46)
phpmyadmin/phpmyadmin
2.0
phpmyadmin/phpmyadmin
2.0.1
phpmyadmin/phpmyadmin
2.0.2
phpmyadmin/phpmyadmin
2.0.3
phpmyadmin/phpmyadmin
2.0.4
phpmyadmin/phpmyadmin
2.0.5
phpmyadmin/phpmyadmin
2.1
phpmyadmin/phpmyadmin
2.1.1
phpmyadmin/phpmyadmin
2.1.2
phpmyadmin/phpmyadmin
2.2
... and 36 more
Published
Sep 08, 2005
Tracked Since
Feb 18, 2026