Description
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
References (9)
Core 9
Core References
Patch vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20627
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1207
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22781
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26441
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17973
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1794
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20113
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
Scores
EPSS
0.0368
EPSS Percentile
88.1%
Details
Status
published
Products (1)
phpmyadmin/phpmyadmin
2.8.0.3
Published
May 16, 2006
Tracked Since
Feb 18, 2026