CVE-2016-2045 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 48.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Fedoraproject Fedora

Timeline

PublishedFeb 20

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.5.4-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.5.4-1+3

▶NVDphpmyadmin/phpmyadmin6 versions+5

Also affects: Fedora 22, 23

Patches

Patch: www.phpmyadmin.net ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-f8gp-vg7w-rp8x: Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4↗2022-05-17

▶

OSV

CVE-2016-2045: Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4↗2016-02-20

▶

📋Vendor Advisories

Debian

CVE-2016-2045: phpmyadmin - Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x b...↗2016

▶

💬Community

Bugzilla

CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [fedora-all]↗2016-01-28

▶

Bugzilla

CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [epel-all]↗2016-01-28

▶

Bugzilla

CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor (PMASA-2016-9)↗2016-01-28

▶