CVE-2010-3056

Executive Summary

Informations
Name	CVE-2010-3056	First vendor Publication	2010-08-24
Vendor	Cve	Last vendor Modification	2011-01-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3056

CWE : Common Weakness Enumeration

id	Name
CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Phpmyadmin Phpmyadmin cpe:/a:phpmyadmin:phpmyadmin:3.3.5.0 cpe:/a:phpmyadmin:phpmyadmin:3.3.4.0 cpe:/a:phpmyadmin:phpmyadmin:3.3.3.0 cpe:/a:phpmyadmin:phpmyadmin:3.3.2.0 cpe:/a:phpmyadmin:phpmyadmin:3.3.1.0 cpe:/a:phpmyadmin:phpmyadmin:3.3.0.0 cpe:/a:phpmyadmin:phpmyadmin:3.2.2 cpe:/a:phpmyadmin:phpmyadmin:3.2.2:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.2.1:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.2.1 cpe:/a:phpmyadmin:phpmyadmin:3.2.0:beta1 cpe:/a:phpmyadmin:phpmyadmin:3.2.0 cpe:/a:phpmyadmin:phpmyadmin:3.2.0:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.1.5:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.1.5 cpe:/a:phpmyadmin:phpmyadmin:3.1.4 cpe:/a:phpmyadmin:phpmyadmin:3.1.4:rc2 cpe:/a:phpmyadmin:phpmyadmin:3.1.3.2 cpe:/a:phpmyadmin:phpmyadmin:3.1.3.1 cpe:/a:phpmyadmin:phpmyadmin:3.1.3:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.1.3 cpe:/a:phpmyadmin:phpmyadmin:3.1.2 cpe:/a:phpmyadmin:phpmyadmin:3.1.2:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.1.1:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.1.1 cpe:/a:phpmyadmin:phpmyadmin:3.1.0:beta1 cpe:/a:phpmyadmin:phpmyadmin:3.1.0 cpe:/a:phpmyadmin:phpmyadmin:3.0.1.1 cpe:/a:phpmyadmin:phpmyadmin:3.0.1:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.0.1 cpe:/a:phpmyadmin:phpmyadmin:3.0.0:alpha cpe:/a:phpmyadmin:phpmyadmin:3.0.0:rc1 cpe:/a:phpmyadmin:phpmyadmin:3.0.0:beta cpe:/a:phpmyadmin:phpmyadmin:3.0.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.6 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.5 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.4 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.3 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.8.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.7.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.7.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.6.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.2.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.10.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.0	58

Open Source Vulnerability Database (OSVDB)

id	Description
67491	phpMyAdmin libraries/sqlparser.lib.php Unspecified Parameter XSS
67490	phpMyAdmin libraries/sanitizing.lib.php Unspecified Parameter XSS
67489	phpMyAdmin libraries/db_info.inc.php Unspecified Parameter XSS
67488	phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
67487	phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
67486	phpMyAdmin libraries/database_interface.lib.php Unspecified Parameter XSS
67485	phpMyAdmin libraries/common.lib.php Unspecified Parameter XSS
67343	phpMyAdmin Extension for TYPO3 Multiple Unspecified XSS
67325	phpMyAdmin tbl_sql.php Unspecified Parameter XSS
67324	phpMyAdmin tbl_replace.php fields[multi_edit][] Parameter XSS
67323	phpMyAdmin sql.php Multiple Parameter XSS
67322	phpMyAdmin setup/config.php DefaultLang Parameter XSS
67321	phpMyAdmin server_privileges.php Multiple Parameter XSS
67320	phpMyAdmin server_databases.php sort_by Parameter XSS
67319	phpMyAdmin js/messages.php db Parameter XSS
67318	phpMyAdmin db_structure.php sort Parameter XSS
67317	phpMyAdmin db_sql.php delimiter Parameter XSS
67316	phpMyAdmin db_search.php field_str Parameter XSS

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/42584
CONFIRM	http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php https://bugzilla.redhat.com/show_bug.cgi?id=625877
DEBIAN	http://www.debian.org/security/2010/dsa-2097
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.... http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997....
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 http://www.mandriva.com/security/advisories?name=MDVSA-2010:164
MISC	http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_...
SECUNIA	http://secunia.com/advisories/41000 http://secunia.com/advisories/41185
VUPEN	http://www.vupen.com/english/advisories/2010/2223 http://www.vupen.com/english/advisories/2010/2231

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:30:39	Multiple Updates

Type	Count
CPE ID(s)	58
osvdb(s)	18

Related	Severity
GLSA-201201-01	(Critical)
MDVSA-2010:163	(High)
DSA-2097	(High)
MDVSA-2010:164	(Medium)
CVE-2010-2958	(Medium)

Same Subject	Severity
Login to view 20 more Alert(s)

CVE-2010-3056

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU