CVE-2006-3388 - Unspecified vulnerability in PHPmyadmin
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

phpmyadmin
nessus
Summary
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
Vulnerable Configurations
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2006_071.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2006:071 (phpMyAdmin). The phpMyAdmin package was upgraded to version 2.9.1.1. While we usually do not do version upgrades, fixing the occurring security problems of phpMyAdmin got too difficult so we decided to go with the current upstream version. This release includes fixes for the previously not fixed security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718 and of course all other bugs fixed in 2.9.1.1.
- last seen: 2019-10-28
- modified: 2007-02-18
- plugin id: 24448
- published: 2007-02-18
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24448
- title: SUSE-SA:2006:071: phpMyAdmin
- code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:071
    #

    if ( ! defined_func("bn_random") ) exit(0);

    include("compat.inc");

    if(description)
    {
     script_id(24448);
     script_version ("1.9");

     name["english"] = "SUSE-SA:2006:071: phpMyAdmin";
     script_name(english:name["english"]);

     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2006:071 (phpMyAdmin). The phpMyAdmin package was upgraded to version 2.9.1.1. While we usually do not do version upgrades, fixing the occurring security problems of phpMyAdmin got too difficult so we decided to go with the current upstream version. This release includes fixes for the previously not fixed security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718 and of course all other bugs fixed in 2.9.1.1." );
     script_set_attribute(attribute:"solution", value:
    "http://www.novell.com/linux/security/advisories/2006_71_phpmyadmin.html" );
     script_set_attribute(attribute:"risk_factor", value:"High" );
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
     script_end_attributes();

     summary["english"] = "Check for the version of the phpMyAdmin package";
     script_summary(english:summary["english"]);

     script_category(ACT_GATHER_INFO);

     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);

     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }

    include("rpm.inc");

    if ( rpm_check( reference:"phpMyAdmin-2.9.1.1-2.1", release:"SUSE10.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"phpMyAdmin-2.9.1.1-2.1", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_PHPMYADMIN-2300.NASL
- description: This patch upgrades the phpMyAdmin package to version 2.9.1.1, including fixes for the security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27395
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27395
- title: openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2300)

References
- http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html
- http://secunia.com/advisories/20907
- http://secunia.com/advisories/23086
- http://securitynews.ir/advisories/phpmyadmin281.txt
- http://securityreason.com/securityalert/1194
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4
- http://www.securityfocus.com/archive/1/438870/100/0/threaded
- http://www.securityfocus.com/bid/18754
- http://www.vupen.com/english/advisories/2006/2622
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27493