PT-2004-2040 · Php · Phpmyadmin
Cedric Cochin
·
Published
2004-11-24
·
Updated
2017-07-11
·
CVE-2004-1055
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
phpMyAdmin versions 2.6.0-pl2 and earlier
Description:
The issue allows remote attackers to inject arbitrary web script or HTML via several parameters and components, including the
PmaAbsoluteUri parameter, the zero rows parameter in read dump.php, the confirm form, or an error message generated by the internal phpMyAdmin parser.Recommendations:
For phpMyAdmin versions 2.6.0-pl2 and earlier, update to a version later than 2.6.0-pl2 to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpmyadmin