PT-2005-3734 · Phpmyadmin · Phpmyadmin

Andreas Kerber +1 · Published 2005-09-08 · Updated 2024-06-15 · CVE-2005-2869

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phpMyAdmin versions prior to 2.6.4

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the username variable to libraries/auth/cookie.auth.lib.php or the error parameter to error.php.

Recommendations

For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the libraries/auth/cookie.auth.lib.php and error.php files to minimize the risk of exploitation. Avoid using the username variable in the affected libraries/auth/cookie.auth.lib.php file and the error parameter in the error.php file until the issue is resolved.


Related Identifiers

CVE-2005-2869
DSA-880-1
OPENSUSE-SU-2024:11171-1

Affected Products

Phpmyadmin