Vulnerabilities > CVE-2006-1678 - Cross-Site Scripting vulnerability in PHPMyAdmin

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
phpmyadmin
nessus

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

Vulnerable Configurations

Part Description Count
Application
Phpmyadmin
53

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1207.NASL
descriptionThe phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. - CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. - CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. - CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. - CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable.
last seen2020-06-01
modified2020-06-02
plugin id23656
published2006-11-20
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/23656
titleDebian DSA-1207-2 : phpmyadmin - several vulnerabilities