PMASA-2007-2
Announcement-ID: PMASA-2007-2
Date: 2007-01-16
Summary
XSS and Path Disclosure vulnerabilities
Description
We received an advisory from Laurent Gaffié and we wish to thank him for his work. It was possible to trigger these attacks on db_create.php and index.php.
Severity
We consider these vulnerabilities to be serious.
Affected Versions
Probably all versions to 2.9.1.1.
Solution
Upgrade to phpMyAdmin 2.9.2 or newer.
References
Assigned CVE IDs: CVE-2007-1395
CWE IDs: CWE-661 CWE-79 CWE-200
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.