phpMyAdmin: multiple vulnerabilities

Package(s): phpmyadmin
CVE #(s): CVE-2011-3646 CVE-2011-4064
Created: October 21, 2011
Updated: November 14, 2011
Description:

From the Mandriva advisory:

When the js_frame parameter of phpmyadmin.css.php is defined as an array, an error message shows the full path of this file, leading to possible further attacks (CVE-2011-3646).

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory (CVE-2011-4064).

Alerts:
Fedora FEDORA-2011-15460 2011-11-05
Fedora FEDORA-2011-15472 2011-11-05
Fedora FEDORA-2011-15469 2011-11-05
Mandriva MDVSA-2011:158 2011-10-21
Gentoo 201201-01 2012-01-04

Copyright © 2013, Eklektix, Inc.