CVE-2006-6942

phpMyAdmin < 2.9.1 - XSS


Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

Exploits (4)

exploitdb WORKING POC VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/29061
exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/29060
exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/29059
exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/29058

References (7)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4572
Permissions Required third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26733
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116370414309444&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30310
Third Party Advisory vendor-advisory x_refsource_debian
http://www.us.debian.org/security/2007/dsa-1370
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21137

Scores

EPSS 0.0224
EPSS Percentile 84.6%

Details

CWE
CWE-79
Status published
Products (11)
debian/debian_linux 3.1
debian/debian_linux 4.0
phpmyadmin/phpmyadmin 2.9.0
phpmyadmin/phpmyadmin 2.9.0.1
phpmyadmin/phpmyadmin 2.9.0.2
phpmyadmin/phpmyadmin 2.9.0.3
phpmyadmin/phpmyadmin 2.9.0_beta1
phpmyadmin/phpmyadmin 2.9.0_rc1
phpmyadmin/phpmyadmin 2.9.1_rc1
phpmyadmin/phpmyadmin 2.9.1_rc2
... and 1 more
Published Jan 19, 2007
Tracked Since Feb 18, 2026