Executive Summary

Informations
NameCVE-2011-2642First vendor Publication2011-08-01
VendorCveLast vendor Modification2011-10-25

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2642

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application75

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
File : nvt/glsa_201201_01.nasl
2011-08-18Name : Mandriva Update for phpmyadmin MDVSA-2011:124 (phpmyadmin)
File : nvt/gb_mandriva_MDVSA_2011_124.nasl
2011-08-12Name : Fedora Update for phpMyAdmin FEDORA-2011-9725
File : nvt/gb_fedora_2011_9725_phpMyAdmin_fc14.nasl
2011-08-12Name : Fedora Update for phpMyAdmin FEDORA-2011-9734
File : nvt/gb_fedora_2011_9734_phpMyAdmin_fc15.nasl
2011-08-07Name : FreeBSD Ports: phpMyAdmin
File : nvt/freebsd_phpMyAdmin24.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
74109phpMyAdmin Table Print View Table Name Parameter XSS

Nessus® Vulnerability Scanner

DateDescription
2012-01-05Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO
2011-08-05Name : The remote Fedora host is missing a security update.
File : fedora_2011-9725.nasl - Type : ACT_GATHER_INFO
2011-08-05Name : The remote Fedora host is missing a security update.
File : fedora_2011-9734.nasl - Type : ACT_GATHER_INFO
2011-07-28Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2286.nasl - Type : ACT_GATHER_INFO
2011-07-26Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d79fc873b5f911e089b4001ec9578670.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/48874
CONFIRMhttp://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;...
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;...
http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
https://bugzilla.redhat.com/show_bug.cgi?id=725381
DEBIANhttp://www.debian.org/security/2011/dsa-2286
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410....
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418....
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:124
SECUNIAhttp://secunia.com/advisories/45315
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
XFhttp://xforce.iss.net/xforce/xfdb/68750

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:03:31
  • Multiple Updates
2013-05-10 23:03:34
  • Multiple Updates