Bug#363519: phpmyadmin: CVE-2006-1803/CVE-2006-1804 "sql_query" Cross-Site Scripting and SQL Code Execution

Stefan Fritsch Wed, 19 Apr 2006 08:26:51 -0700

Package: phpmyadmin
Severity: important
Tags: security

CVE-2006-1803:
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin
2.7.0-pl1 allows remote attackers to inject arbitrary web script or
HTML via the sql_query parameter.


CVE-2006-1804 seems to be a duplicate of this.

http://www.frsirt.com/english/advisories/2006/1372 implies that
this also affects 2.8.0.3


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#363519: phpmyadmin: CVE-2006-1803/CVE-2006-1804 "sql_query" Cross-Site Scripting and SQL Code Execution

Reply via email to