CVE-2008-3457

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 2.11.8

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via crafted setup arguments in setup.php. This can only be exploited in scenarios where the attacker can modify config/config.inc.php.

Recommendations For versions prior to 2.11.8, update to version 2.11.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the setup.php file and limiting modifications to config/config.inc.php to minimize the risk of exploitation.