CVE-2005-2869
phpMyAdmin < 2.6.4 - Cross-Site Scripting via Username or Error Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-2869. PoCs published by Michal Cihar.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyAdmin via the error.php parameter. The PoC shows how arbitrary JavaScript can be executed by injecting a script tag into the error parameter.
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyAdmin via the error.php parameter. The PoC shows how arbitrary JavaScript can be executed by injecting a script tag into the error parameter.