CVE-2010-3056

Exploit

EPSS 0.76%
Published 24.08.2010 20:00:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version2.11.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.2

Phpmyadmin ≫ Phpmyadmin Version2.11.2.0

Phpmyadmin ≫ Phpmyadmin Version2.11.2.1

Phpmyadmin ≫ Phpmyadmin Version2.11.2.2

Phpmyadmin ≫ Phpmyadmin Version2.11.3.0

Phpmyadmin ≫ Phpmyadmin Version2.11.4.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.1

Phpmyadmin ≫ Phpmyadmin Version2.11.5.2

Phpmyadmin ≫ Phpmyadmin Version2.11.6.0

Phpmyadmin ≫ Phpmyadmin Version2.11.7.0

Phpmyadmin ≫ Phpmyadmin Version2.11.7.1

Phpmyadmin ≫ Phpmyadmin Version2.11.8.0

Phpmyadmin ≫ Phpmyadmin Version2.11.9.0

Phpmyadmin ≫ Phpmyadmin Version2.11.9.1

Phpmyadmin ≫ Phpmyadmin Version2.11.9.2

Phpmyadmin ≫ Phpmyadmin Version2.11.9.3

Phpmyadmin ≫ Phpmyadmin Version2.11.9.4

Phpmyadmin ≫ Phpmyadmin Version2.11.9.5

Phpmyadmin ≫ Phpmyadmin Version2.11.9.6

Phpmyadmin ≫ Phpmyadmin Version2.11.10.0

Phpmyadmin ≫ Phpmyadmin Version3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatealpha

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatebeta

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1

Phpmyadmin ≫ Phpmyadmin Version3.0.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.1.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.2

Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3

Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.2

Phpmyadmin ≫ Phpmyadmin Version3.1.4

Phpmyadmin ≫ Phpmyadmin Version3.1.4 Updaterc2

Phpmyadmin ≫ Phpmyadmin Version3.1.5

Phpmyadmin ≫ Phpmyadmin Version3.1.5 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.1

Phpmyadmin ≫ Phpmyadmin Version3.2.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.2

Phpmyadmin ≫ Phpmyadmin Version3.2.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.3.3.0

Phpmyadmin ≫ Phpmyadmin Version3.3.4.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.76%	0.71

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/41185

Vendor Advisory

http://www.debian.org/security/2010/dsa-2097

http://www.mandriva.com/security/advisories?name=MDVSA-2010:163

http://www.vupen.com/english/advisories/2010/2223

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2231

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html

http://secunia.com/advisories/41000

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:164