Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Tobias Klein · textwebappsphp
https://www.exploit-db.com/exploits/26393
exploitdb
WORKING POC
VERIFIED
by Tobias Klein · textwebappsphp
https://www.exploit-db.com/exploits/26392
References (10)
Core 10
Core References
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_28_sr.html
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17607
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17559
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2179
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-880
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17337
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200510-21.xml
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15196
Scores
EPSS
0.1179
EPSS Percentile
93.7%
Details
Status
published
Products (4)
phpmyadmin/phpmyadmin
2.6.4
phpmyadmin/phpmyadmin
2.6.4_pl1
phpmyadmin/phpmyadmin
2.6.4_pl2
phpmyadmin/phpmyadmin
2.6.4_rc1
Published
Oct 24, 2005
Tracked Since
Feb 18, 2026