Back to search
CVE-2006-5718
Published: Nov 4, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20856
vdb-entry
x_refsource_BID
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6
x_refsource_CONFIRM
ADV-2006-4298
vdb-entry
x_refsource_VUPEN
phpmyadmin-utf7-xss(29957)
vdb-entry
x_refsource_XF
20061102 Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability
mailing-list
x_refsource_BUGTRAQ
22599
third-party-advisory
x_refsource_SECUNIA
23086
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2006:071
vendor-advisory
x_refsource_SUSE
http://www.hardened-php.net/advisory_122006.137.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now