CVE-2007-4306

Name of the Vulnerable Software and Affected Versions phpMyAdmin version 2.10.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected parameters include unlim num rows, sql query, pos, session max rows, username, and sql query in various phpMyAdmin scripts such as tbl export.php, sql.php, server privileges.php, and main.php.

Recommendations For phpMyAdmin version 2.10.3, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to the vulnerable parameters unlim num rows, sql query, pos, session max rows, and username in the affected scripts until a patch is available. Avoid using these parameters in the respective API endpoints until the issue is resolved.