From Secunia: CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/advisories/product/1720/ phpMyAdmin 3.x http://secunia.com/advisories/product/20256/ DESCRIPTION: Hadi Kiamarsi has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "db" parameter in pmd_pdf.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation may require that the victim has valid user credentials. The vulnerability is confirmed in version 2.11.9.2 and 3.0.1 and reported in version 3.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Hadi Kiamarsi ORIGINAL ADVISORY: http://seclists.org/bugtraq/2008/Oct/0199.html
XSS vuln, unpatched upstream. Requires "register_globals" to be on according to original report, so it may have a very low impact.
CVE-2008-4775
2.11.9.3 is out which fixes the issue: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=2 Advisory from phpmyadmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-9 POC: http://www.example.com/pmd_pdf.php?db=>"><script>alert('Hadi-Kiamarsi')</script> Please provide us with a new ebuild. :)
Added phpmyadmin-2.11.9.3 to the tree. Targets: alpha amd64 hppa ppc ppc64 sparc x86
amd64/x86 stable
alpha/sparc stable
Stable for HPPA.
ppc64 stable
ppc stable
Removed vulnerable version. webapps done.
Since we already have a request in the pool for bug 237781, I vote YES.
Yes, too. Adding to previous request.
GLSA 200903-32