Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-4775

Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

Related bugs and status

CVE-2008-4775 (Candidate) is related to these bugs:

Bug #306699: please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Summary				In	Importance	Status
	306699	please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable		phpmyadmin (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 31928
SECUNIA: 32449
FEDORA: FEDORA-2008-9316
FEDORA: FEDORA-2008-9336
SECUNIA: 32482
SREASON: 4516
GENTOO: GLSA-200903-32
VUPEN: ADV-2008-2943
XF: phpmyadmin-pmdpdf-xss(...
BUGTRAQ: 20081027 XSS in phpMya...