|Category:||Web application abuses|
|Title:||phpMyAdmin 'error.php' Cross Site Scripting Vulnerability|
|Summary:||Check if phpMyAdmin is vulnerable to Cross-Site Scripting|
Overview: The host is running phpMyAdmin and is prone to Cross-Site Scripting

The flaw is caused by input validation errors in the 'error.php' script when
processing crafted BBcode tags containing '@' characters, which could allow
attackers to inject arbitrary HTML code within the error page and conduct

Successful exploitation will allow attackers to inject arbitrary HTML code
within the error page and conduct phishing attacks.

Impact Level: Application

phpMyAdmin version 220.127.116.11 and prior.

Fix: No solution or patch is available as of 10th December, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

Common Vulnerability Exposure (CVE) ID: CVE-2010-4480
Debian Security Information: DSA-2139
BugTraq ID: 45633
|Copyright||Copyright (C) 2010 Greenbone Networks GmbH|