phpMyAdmin - Security - PMASA-2008-4

PMASA-2010-3
PMASA-2010-2
PMASA-2010-1
PMASA-2009-6
PMASA-2009-5
PMASA-2009-4
PMASA-2009-3
PMASA-2009-2
PMASA-2009-1
PMASA-2008-10
PMASA-2008-9
PMASA-2008-8
PMASA-2008-7
PMASA-2008-6
PMASA-2008-5
PMASA-2008-4
PMASA-2008-3
PMASA-2008-2
PMASA-2008-1
PMASA-2007-8
PMASA-2007-7
PMASA-2007-6
PMASA-2007-5
PMASA-2007-4
PMASA-2007-3
PMASA-2007-2
PMASA-2007-1
PMASA-2006-9
PMASA-2006-8
PMASA-2006-7
PMASA-2006-6
PMASA-2006-5
PMASA-2006-4
PMASA-2006-3
PMASA-2006-2
PMASA-2006-1
PMASA-2005-9
PMASA-2005-8
PMASA-2005-7
PMASA-2005-6
PMASA-2005-5
PMASA-2005-4
PMASA-2005-3
PMASA-2005-2
PMASA-2005-1
PMASA-2004-4
PMASA-2004-3
PMASA-2004-2
PMASA-2004-1
PMASA-2003-1

PMASA-2008-4

Announcement-ID: PMASA-2008-4

Date: 2008-06-23

Summary

XSS on plausible insecure PHP installation

Description

We received an advisory from Tim Starling (Wikimedia), and we wish to thank him for his work. Some scripts in the /libraries directory were vulnerable to XSS.

Severity

We consider this vulnerability to be serious.

Affected Versions

Versions before 2.11.7.

Solution

Upgrade to phpMyAdmin 2.11.7 or newer.

References

Assigned CVE ids: CVE-2008-2960

Patches

Revision 11326

For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net.