1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2008-4775
PublicDate: 2008-10-28
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775
Description:
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin
3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when
register_globals is enabled, allows remote attackers to inject arbitrary
web script or HTML via the db parameter, a different vector than
CVE-2006-6942 and CVE-2007-5977.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_phpmyadmin:
upstream: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/pmd_pdf.php?r1=11361&r2=11683
upstream_phpmyadmin: needed
dapper_phpmyadmin: not-affected (code not present)
gutsy_phpmyadmin: needed (reached end-of-life)
hardy_phpmyadmin: released (4:2.11.3-1ubuntu1.2)
intrepid_phpmyadmin: released (4:2.11.8.1-1ubuntu0.1)
jaunty_phpmyadmin: not-affected (4:3.1.2-1)
devel_phpmyadmin: not-affected (4:3.2.0.1-1)
|