Executive Summary
Summary | |
---|---|
Title | Updated phpMyAdmin packages fix multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | MDKSA-2007:229 | First vendor Publication | 2007-11-20 |
Vendor | Mandriva | Last vendor Modification | 2007-11-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.1.2 release. This update provides version 2.11.2.2 which is the latest stable release of phpMyAdmin. No configuration changes should be required since the previous update (version 2.11.1.2). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:229 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-03-21 | Name : phpMyAdmin DB_Create.PHP Multiple Input Validation Vulnerabilities File : nvt/phpmyadmin_cve_2007_5976.nasl |
2009-03-20 | Name : Gentoo Security Advisory GLSA 200903-32 (phpmyadmin) File : nvt/glsa_200903_32.nasl |
2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-3627 File : nvt/gb_fedora_2007_3627_phpMyAdmin_fc7.nasl |
2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-3636 File : nvt/gb_fedora_2007_3636_phpMyAdmin_fc8.nasl |
2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-3639 File : nvt/gb_fedora_2007_3639_phpMyAdmin_fc8.nasl |
2009-02-27 | Name : Fedora Update for phpMyAdmin FEDORA-2007-3666 File : nvt/gb_fedora_2007_3666_phpMyAdmin_fc7.nasl |
2008-09-04 | Name : FreeBSD Ports: phpMyAdmin File : nvt/freebsd_phpMyAdmin12.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38714 | phpMyAdmin db_create.php db Parameter XSS phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'db' variable upon submission to the 'db_create.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
38713 | phpMyAdmin db_create.php db Parameter SQL Injection |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-32.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3627.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3636.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3639.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3666.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_2d2dcbb4906c11dca9510016179b2dd5.nasl - Type : ACT_GATHER_INFO |