CVE-2011-4782

medium

Description

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0e707906e69ce90c4852a0fce2a0fac7db86a3cd

http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php

https://exchange.xforce.ibmcloud.com/vulnerabilities/71938

Details

Source: MITRE

Published: 2011-12-22

Updated: 2017-08-29

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74585 | openSUSE Security Update : phpMyAdmin (openSUSE-2012-18) | Nessus | SuSE Local Security Checks | medium |
| 57433 | GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 57424 | Fedora 15 : phpMyAdmin-3.4.9-1.fc15 (2011-17370) | Nessus | Fedora Local Security Checks | medium |
| 57423 | Fedora 16 : phpMyAdmin-3.4.9-1.fc16 (2011-17369) | Nessus | Fedora Local Security Checks | medium |
| 57390 | FreeBSD : phpMyAdmin -- Multiple XSS (8c83145d-2c95-11e1-89b4-001ec9578670) | Nessus | FreeBSD Local Security Checks | medium |
| 57372 | phpMyAdmin 3.4.x < 3.4.9 XSS (PMASA-2011-19 - PMASA-2011-20) | Nessus | CGI abuses : XSS | medium |