QwikSec

Security Database

CVE

CWE

Training

CVE-2006-6942

Published: Jan 19, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

20061116 PhpMyAdmin all version [multiples vulnerability]

mailing-list

x_refsource_BUGTRAQ

phpmyadmin-multiple-parameter-xss(30310)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.