Summary: | dev-db/phpmyadmin <= 2.11.9.2: "db" Cross-Site Scripting Vulnerability (CVE-2008-4775) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matti Bickel (RETIRED) <mabi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | glua |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/32449/ | ||
Whiteboard: | B4 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Matti Bickel (RETIRED)
2008-10-29 18:57:30 UTC
XSS vuln, unpatched upstream. Requires "register_globals" to be on according to original report, so it may have a very low impact. CVE-2008-4775

2.11.9.3 is out which fixes the issue: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=2
Advisory from phpmyadmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-9
POC: http://www.example.com/pmd_pdf.php?db=>"><script>alert('Hadi-Kiamarsi')</script>
Please provide us with a new ebuild. :)

Added phpmyadmin-2.11.9.3 to the tree.

Targets: alpha amd64 hppa ppc ppc64 sparc x86

amd64/x86 stable

alpha/sparc stable

Stable for HPPA.

ppc64 stable

ppc stable

Removed vulnerable version. webapps done.

Since we already have a request in the pool for bug 237781, I vote YES.

Yes, too.

Adding to previous request.

GLSA 200903-32
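The following is an added illustration of the vulnerability class described in this bug (a reflected XSS that depends on register_globals), not phpMyAdmin's own code and not the patch shipped in 2.11.9.3. It assumes a hypothetical page that writes the `db` request parameter into an HTML attribute; the two render functions and the simulated register_globals import are assumptions made for the example. The payload is the one quoted in the PoC URL above, URL-decoded.

```php
<?php
// Added example, not phpMyAdmin source. Shows why a value imported by
// register_globals and echoed unencoded yields XSS, and the fix.

// With register_globals=On, PHP imported ?db=... as $db before any script
// code ran. This block simulates that import so the example behaves the same
// with register_globals=Off (assumption: the page read $db, not $_GET['db']).
if (isset($_GET['db']) && !isset($db)) {
    $db = $_GET['db'];
}

// Vulnerable pattern: attacker-controlled value lands in an attribute with
// no encoding, so a leading '">' closes the attribute and the tag.
function render_vulnerable(string $db): string
{
    return '<input type="hidden" name="db" value="' . $db . '" />';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES is
// required because the breakout relies on the double quote character.
function render_hardened(string $db): string
{
    return '<input type="hidden" name="db" value="'
         . htmlspecialchars($db, ENT_QUOTES, 'UTF-8') . '" />';
}

// Returns true if the rendered markup still contains a live <script> tag.
function contains_live_script(string $html): bool
{
    return stripos($html, '<script>') !== false;
}

// Payload from the bug report's PoC URL, URL-decoded (constructed input).
$poc = '>"><script>alert(\'Hadi-Kiamarsi\')</script>';
$db  = $db ?? $poc;

$vulnerable = render_vulnerable($db);
$hardened   = render_hardened($db);

echo "vulnerable: ", $vulnerable, "\n";
echo "hardened:   ", $hardened, "\n";

// Self-check: the unencoded output carries the script tag, the encoded one
// only carries &lt;script&gt; text inside the attribute value.
assert(contains_live_script($vulnerable) === true);
assert(contains_live_script($hardened) === false);
```

Run it from the command line with `php example.php` to see both renderings; the hardened line shows the payload reduced to `&gt;&quot;&gt;&lt;script&gt;...`. The register_globals dependence noted in the report is why the impact was rated low: with the directive off, `$db` is never populated from the query string in the first place, and the directive was removed from PHP entirely in 5.4.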