CVE-2006-6942
published 2007-01-19

Priority: P426 medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 3.19% (86.5th percentile)

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

Affected

32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | phpmyadmin | < phpmyadmin 4:2.11.2.1-1 (bookworm) | phpmyadmin 4:2.11.2.1-1 (bookworm) |
| debian | phpmyadmin | < phpmyadmin 4:2.9.1.1-2 (bookworm) | phpmyadmin 4:2.9.1.1-2 (bookworm) |
| debian | phpmyadmin | < phpmyadmin 4:2.11.8.1-4 (bookworm) | phpmyadmin 4:2.11.8.1-4 (bookworm) |
| debian | phpmyadmin | | |
| phpmyadmin | phpmyadmin | <= 2.9.1 | |
| phpmyadmin | phpmyadmin | <= 2.11.2 | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | | |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.9.1.1-2 | 4:2.9.1.1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.8.1-4 | 4:2.11.8.1-4 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.2.1-1 | 4:2.11.2.1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.9.1.1-2 | 4:2.9.1.1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.8.1-4 | 4:2.11.8.1-4 |

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 LOW
vendor_redhat: 6.8 MEDIUM