CVE-2006-6942 : Detail

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 29058

Publication date : 2006-09-14 22h00 +00:00
Author : laurent gaffie
EDB Verified : Yes

Exploit Database EDB-ID : 29059

Publication date : 2006-09-14 22h00 +00:00
Author : laurent gaffie
EDB Verified : Yes

Exploit Database EDB-ID : 29060

Publication date : 2006-09-14 22h00 +00:00
Author : laurent gaffie
EDB Verified : Yes

Exploit Database EDB-ID : 29061

Publication date : 2006-09-14 22h00 +00:00
Author : laurent gaffie
EDB Verified : Yes

Products Mentioned

Configuraton 0

Phpmyadmin>>Phpmyadmin >> Version To (including) 2.9.1

Phpmyadmin>>Phpmyadmin >> Version 2.9.0

Phpmyadmin>>Phpmyadmin >> Version 2.9.0.1

Phpmyadmin>>Phpmyadmin >> Version 2.9.0.2

Phpmyadmin>>Phpmyadmin >> Version 2.9.0.3

Phpmyadmin>>Phpmyadmin >> Version 2.9.0_beta1

Phpmyadmin>>Phpmyadmin >> Version 2.9.0_rc1

Phpmyadmin>>Phpmyadmin >> Version 2.9.1_rc1

Phpmyadmin>>Phpmyadmin >> Version 2.9.1_rc2

Configuraton 0

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 4.0

References