CVE-2011-4634

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=077c10020e349e8c1beb46309098992fde616913

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=1490533d91e9d3820e78ca4eac7981886eaea2cb

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b289fe082441dc739939b0ba15dae0d9dc6cee92

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=dac8d6ce256333ff45b5f46270304b8657452740

http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php

Details

Source: MITRE

Published: 2011-12-22

Updated: 2012-11-06

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74539 | openSUSE Security Update : phpMyAdmin (openSUSE-2011-94) | Nessus | SuSE Local Security Checks | medium |
| 57433 | GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 57337 | phpMyAdmin 3.4.x < 3.4.8 XSS (PMASA-2011-18) | Nessus | CGI abuses : XSS | medium |
| 57327 | Fedora 15 : phpMyAdmin-3.4.8-1.fc15 (2011-16786) | Nessus | Fedora Local Security Checks | medium |
| 57326 | Fedora 16 : phpMyAdmin-3.4.8-1.fc16 (2011-16768) | Nessus | Fedora Local Security Checks | medium |
| 56988 | FreeBSD : phpMyAdmin -- Multiple XSS (ed536336-1c57-11e1-86f4-e0cb4e266481) | Nessus | FreeBSD Local Security Checks | medium |