PMASA-2007-7
Announcement-ID: PMASA-2007-7
Date: 2007-11-11
Summary
XSS vulnerabilities
Description
We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code.
Our team fixed another XSS vulnerability regarding database names.
Severity
We consider these vulnerabilities to be serious.
Affected Versions
Probably all versions before 2.11.2.1.
Solution
Upgrade to phpMyAdmin 2.11.2.1 or newer.
References
For the first issue: http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html
Assigned CVE IDs: CVE-2007-5977
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.