Executive Summary

Informations
NameCVE-2010-3056First vendor Publication2010-08-24
VendorCveLast vendor Modification2011-01-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3056

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application58

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
File : nvt/glsa_201201_01.nasl
2010-12-02Name : Fedora Update for phpMyAdmin FEDORA-2010-13402
File : nvt/gb_fedora_2010_13402_phpMyAdmin_fc14.nasl
2010-10-10Name : Debian Security Advisory DSA 2097-1 (phpmyadmin)
File : nvt/deb_2097_1.nasl
2010-10-10Name : Debian Security Advisory DSA 2097-2 (phpmyadmin)
File : nvt/deb_2097_2.nasl
2010-10-10Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin21.nasl
2010-09-07Name : Mandriva Update for phpmyadmin MDVSA-2010:164 (phpmyadmin)
File : nvt/gb_mandriva_MDVSA_2010_164.nasl
2010-08-30Name : phpMyAdmin Multiple Cross Site Scripting Vulnerabilities
File : nvt/gb_phpmyadmin_42584.nasl
2010-08-24Name : Fedora Update for phpMyAdmin FEDORA-2010-13249
File : nvt/gb_fedora_2010_13249_phpMyAdmin_fc13.nasl
2010-08-24Name : Fedora Update for phpMyAdmin FEDORA-2010-13258
File : nvt/gb_fedora_2010_13258_phpMyAdmin_fc12.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
67491phpMyAdmin libraries/sqlparser.lib.php Unspecified Parameter XSS
67490phpMyAdmin libraries/sanitizing.lib.php Unspecified Parameter XSS
67489phpMyAdmin libraries/db_info.inc.php Unspecified Parameter XSS
67488phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
67487phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
67486phpMyAdmin libraries/database_interface.lib.php Unspecified Parameter XSS
67485phpMyAdmin libraries/common.lib.php Unspecified Parameter XSS
67343phpMyAdmin Extension for TYPO3 Multiple Unspecified XSS
67325phpMyAdmin tbl_sql.php Unspecified Parameter XSS
67324phpMyAdmin tbl_replace.php fields[multi_edit][] Parameter XSS
67323phpMyAdmin sql.php Multiple Parameter XSS
67322phpMyAdmin setup/config.php DefaultLang Parameter XSS
67321phpMyAdmin server_privileges.php Multiple Parameter XSS
67320phpMyAdmin server_databases.php sort_by Parameter XSS
67319phpMyAdmin js/messages.php db Parameter XSS
67318phpMyAdmin db_structure.php sort Parameter XSS
67317phpMyAdmin db_sql.php delimiter Parameter XSS
67316phpMyAdmin db_search.php field_str Parameter XSS

Nessus® Vulnerability Scanner

DateDescription
2012-01-05Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO
2010-08-30Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2097.nasl - Type : ACT_GATHER_INFO
2010-08-24Name : The remote Fedora host is missing a security update.
File : fedora_2010-13402.nasl - Type : ACT_GATHER_INFO
2010-08-23Name : The remote Fedora host is missing a security update.
File : fedora_2010-13249.nasl - Type : ACT_GATHER_INFO
2010-08-23Name : The remote Fedora host is missing a security update.
File : fedora_2010-13258.nasl - Type : ACT_GATHER_INFO
2010-08-23Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_274922b8ad2011dfaf1f00e0814cab4e.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/42584
CONFIRMhttp://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=625877
DEBIANhttp://www.debian.org/security/2010/dsa-2097
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991....
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997....
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://www.mandriva.com/security/advisories?name=MDVSA-2010:164
MISChttp://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_...
SECUNIAhttp://secunia.com/advisories/41000
http://secunia.com/advisories/41185
VUPENhttp://www.vupen.com/english/advisories/2010/2223
http://www.vupen.com/english/advisories/2010/2231

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:56:55
  • Multiple Updates
2013-05-10 23:30:39
  • Multiple Updates