Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6942: Cross-site Scripting in Phpmyadmin

CWE-79: Cross-site Scripting | 24 documents | 7 sources
Severity: 6.8 MEDIUM (NVD)
NVD 4.3 | NVD 3.5 | NVD 2.6
EPSS: 2.2% (top 15.42%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline
Published: Jan 19
Latest update: May 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:2.11.2.1-1 (bookworm) | +3
Debian | phpmyadmin/phpmyadmin | < 4:2.9.1.1-2 | +11
NVD | phpmyadmin/phpmyadmin | 2.9.1 | +13

Also affects: Debian Linux 3.1, 4.0

🔴 Vulnerability Details (8)

GHSA | GHSA-3754-x86m-fj9m: Cross-site scripting (XSS) vulnerability in pmd_pdf | 2022-05-14
GHSA | GHSA-ggm5-jxm9-g55m: Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2 | 2022-05-01
GHSA | GHSA-2v44-f984-3xpw: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2 | 2022-05-01
GHSA | GHSA-7wx4-pm9p-2c7w: Cross-site scripting (XSS) vulnerability in db_create | 2022-05-01
OSV | CVE-2008-4775: Cross-site scripting (XSS) vulnerability in pmd_pdf | 2008-10-28

💥 Exploits & PoCs (4)

Exploit-DB | phpMyAdmin 2.x - 'db_create.php?db' Cross-Site Scripting | 2006-09-15
Exploit-DB | phpMyAdmin 2.x - 'sql.php?pos' Cross-Site Scripting | 2006-09-15
Exploit-DB | phpMyAdmin 2.x - 'querywindow.php' Multiple Cross-Site Scripting Vulnerabilities | 2006-09-15
Exploit-DB | phpMyAdmin 2.x - 'db_operations.php' Multiple Cross-Site Scripting Vulnerabilities | 2006-09-15

📋 Vendor Advisories (6)

Red Hat | phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled | 2008-10-27
Debian | CVE-2008-4775: phpmyadmin - Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and... | 2008
Debian | CVE-2007-5977: phpmyadmin - Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2... | 2007
Debian | CVE-2007-4306: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow r... | 2007
Debian | CVE-2006-6942: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1... | 2006

💬 Community (2)

Bugzilla | CVE-2008-4775 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled | 2008-10-29
Bugzilla | CVE-2007-5977 XSS in db_create | 2007-11-15