CVE-2005-0543
Published: 2005-02-24
Priority P421 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.96% (89.1th percentile)
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 3:2.6.1-pl2-1 (bookworm) | phpmyadmin 3:2.6.1-pl2-1 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 3:2.6.1-pl2-1 | 3:2.6.1-pl2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 3:2.6.1-pl2-1 | 3:2.6.1-pl2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 3:2.6.1-pl2-1 | 3:2.6.1-pl2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 3:2.6.1-pl2-1 | 3:2.6.1-pl2-1 |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 4.3 MEDIUM
vendor_redhat · 5.0 MEDIUM
vendor_debian · 4.3 MEDIUM
Debian
CVE-2005-0543: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attac...
vendor_debian·2005·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 3:2.6.1-pl2-1)
bullseye: resolved (fixed in 3:2.6.1-pl2-1)
forky: resolved (fixed in 3:2.6.1-pl2-1)
sid: resolved (fixed in 3:2.6.1-pl2-1)
trixie: resolved (fixed in 3:2.6.1-pl2-1)
Red Hat
CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN
vendor_redhat·CVSS 5.0
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
Statement: Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment.
GHSA
GHSA-gj5v-2g4g-3xxm: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
ghsa_unreviewed·2022-05-01
CVE-2005-0543 [MEDIUM] CWE-79 GHSA-gj5v-2g4g-3xxm: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
OSV
CVE-2005-0543: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
osv·2005-02-24·CVSS 4.3
No detection rules found.
Exploit-DB
phpMyAdmin 2.6 - 'display_tbl_links.lib.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-02-24
---
source: https://www.securityfocus.com/bid/12644/info
Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&bgcolor=%22%3E[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/displ
Exploit-DB
phpMyAdmin 2.6 - 'theme_right.css.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-02-24
---
source: https://www.securityfocus.com/bid/12644/info
http://www.example.com/phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS]
Exploit-DB
phpMyAdmin 2.6 - 'select_server.lib.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-02-24
---
source: https://www.securityfocus.com/bid/12644/info
http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/s
Exploit-DB
phpMyAdmin 2.6 - 'theme_left.css.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-02-24
---
source: https://www.securityfocus.com/bid/12644/info
http://www.example.com/phpMyAdmin/themes/original/css/theme_left.css.php?num_dbs=0&left_font_family=[XSS]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110929725801154&w=2
http://secunia.com/advisories/14382
http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408
http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml
http://www.securityfocus.com/bid/12644
https://exchange.xforce.ibmcloud.com/vulnerabilities/19462
Published: 2005-02-24