Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 1207-2 (phpmyadmin)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

15 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to phpmyadmin announced via advisory DSA 1207-2. The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, the original advisory text below: Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable.

Solution

Solution

For the stable distribution (sarge) these problems have been fixed in version 2.6.2-3sarge3. For the upcoming stable release (etch) and unstable distribution (sid) these problems have been fixed in version 2.9.0.3-1. We recommend that you upgrade your phpmyadmin package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201207-2

Common Vulnerabilities and Exposures (CVE)