| Summary: | <dev-db/phpmyadmin-3.4.0: Information Disclosure Vulnerabilities (CVE-2010-{4480,4481}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 354227 | | |
| Bug Blocks: | | | |

Description
Tim Sammut (RETIRED)
2011-01-01 17:17:58 UTC
Will be fixed by update to 3.4.0.

Stabilization via bug 354227.

Stabilization of a fixed package completed in bug 354227. GLSA Vote: No.

CVE-2010-4481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4481): phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

CVE-2010-4480 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4480): error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

Voting no too, and closing.