Vulnerabilities > CVE-2005-3787 - Cross-Site Scripting vulnerability in PHPMyAdmin
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
Vulnerable Configurations
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_004.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:004 (phpMyAdmin). Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above. |
last seen | 2019-10-28 |
modified | 2006-01-29 |
plugin id | 20820 |
published | 2006-01-29 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20820 |
title | SUSE-SA:2006:004: phpMyAdmin |