Classification: vulnerability EXP-Cross-Site XSS, Author: TenableNetworkSecurity, affected system: phpmyadminphpMyAdmin3.x unaffected system: phpMyAdminphpMyAdmin3.3.7 Description: CVEID: CVE-2010-3263phpMyAdmin is a tool written in PHP for MySQL management through WEB. Setu of phpMyAdmin
Category: vulnerability EXP-XSS, Author: TEnableNetwork Security,
Affected Systems:PhpMyadmin phpMyAdmin 3.x
Unaffected system: phpMyAdmin 3.3.7 Description: cve id: CVE-2010-3263 phpMyAdmin is used
PHPA tool used to manage MySQL through the WEB. PhpMyAdmin
SetThe up script does not properly filter and submit
Setup/Frames/ind
Ex. I
Nc. Php page parameters. Remote attackers can inject and execute arbitrary Web scripts or HTML by using malicious server names. <* Source: Tenable Network Security (http://www.tenablesecurity.com/) Link: http://secunia.com/advisories/41210 http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php*> suggestion: vendor patch: phpMyAdmin -------- the vendor has released a patch to fix this Security problem, download http: // phpmyadmin from the vendor's homepage.
Git.Sourceforge.net/git/gitweb.cgi? P = phpmyadmin/phpmyadmin; a = commit
Diff; H = 73ce5705bd1e0b62060f75702d62f88247ce09
Dd