Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4775 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

2.6LOWNVD

OSV6.8

EPSS

8.3%

top 7.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedOct 28

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.11.8.1-4 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.11.8.1-4+3

▶NVDphpmyadmin/phpmyadmin2.11.9.2, 3.0.0, 3.0.1+2

🔴Vulnerability Details

GHSA

GHSA-3754-x86m-fj9m: Cross-site scripting (XSS) vulnerability in pmd_pdf↗2022-05-14

▶

OSV

CVE-2008-4775: Cross-site scripting (XSS) vulnerability in pmd_pdf↗2008-10-28

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting↗2008-10-27

▶

📋Vendor Advisories

Red Hat

phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled↗2008-10-27

▶

Debian

CVE-2008-4775: phpmyadmin - Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and...↗2008

▶

💬Community

Bugzilla

CVE-2008-4775 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled↗2008-10-29

▶