CVE

Id
23046  
CVE No.
CVE-2006-6942  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.  
Phase
Assigned (20070118)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
222535 23046 CVE-2006-6942 BUGTRAQ:20061116 PhpMyAdmin all version [multiples vulnerability]  View
222536 23046 CVE-2006-6942 URL:http://marc.info/?l=bugtraq&m=116370414309444&w=2  View
222537 23046 CVE-2006-6942 CONFIRM:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7  View
222538 23046 CVE-2006-6942 DEBIAN:DSA-1370  View
222539 23046 CVE-2006-6942 URL:http://www.us.debian.org/security/2007/dsa-1370  View
222540 23046 CVE-2006-6942 BID:21137  View
222541 23046 CVE-2006-6942 URL:http://www.securityfocus.com/bid/21137  View
222542 23046 CVE-2006-6942 VUPEN:ADV-2006-4572  View
222543 23046 CVE-2006-6942 URL:http://www.vupen.com/english/advisories/2006/4572  View
222544 23046 CVE-2006-6942 SECUNIA:26733  View
222545 23046 CVE-2006-6942 URL:http://secunia.com/advisories/26733  View
222546 23046 CVE-2006-6942 XF:phpmyadmin-multiple-parameter-xss(30310)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
56137 JVNDB-2007-004829 phpMyAdmin におけるアクセスルールを回避される脆弱性 phpMyAdmin には、IP アドレスで許可 / 拒否を判断するアクセスルールを回避される脆弱性が存在します。 CVE-2006-6944 23046 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004829.html  View