Announcement-ID: PMASA-2007-6
Date: 2007-10-17
Updated: 2007-10-24
XSS vulnerabilities
We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to trigger this attack on server_status.php.
Our team also fixed other possible XSS vulnerabilities involving PHP_SELF, PATH_INFO and REQUEST_URI.
We consider these vulnerabilities to be serious.
Probably all versions before 2.11.1.2.
Upgrade to phpMyAdmin 2.11.1.2 or newer.
http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
Assigned CVE ids: CVE-2007-5589
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
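The following added example illustrates the class of issue named above, where PHP_SELF, PATH_INFO and REQUEST_URI reach HTML output unencoded. It is not phpMyAdmin's code or its actual fix. The function names, the `/example.php` path and the request values are constructed for illustration, and it assumes the common server behaviour in which PHP_SELF is the script name followed by PATH_INFO.

```php
<?php
// Added example, not phpMyAdmin code. Function names are hypothetical.

/**
 * Return the script's own path for use in HTML, without any trailing
 * PATH_INFO segment that the client appended to the URL.
 */
function safe_self_path(array $server): string
{
    $self     = $server['PHP_SELF'] ?? '';
    $pathInfo = $server['PATH_INFO'] ?? '';

    // Assumption: PHP_SELF is SCRIPT_NAME followed by PATH_INFO.
    // Strip the client-chosen tail if it is present.
    if ($pathInfo !== '' && substr($self, -strlen($pathInfo)) === $pathInfo) {
        $self = substr($self, 0, -strlen($pathInfo));
    }
    return $self;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data: an extra path segment carrying markup characters.
$server = [
    'PATH_INFO'   => '/"><b>injected</b>',
    'PHP_SELF'    => '/example.php/"><b>injected</b>',
    'REQUEST_URI' => '/example.php/%22%3E%3Cb%3Einjected%3C/b%3E?x=1',
];

// Unsafe pattern: the raw value closes the attribute and adds markup.
$unsafe = '<form action="' . $server['PHP_SELF'] . '">';

// Hardened: drop the client-controlled tail, then encode on output.
$safe = '<form action="' . html_attr(safe_self_path($server)) . '">';

// If the request URI is decoded for display, encode it after decoding.
$shownUri = html_attr(rawurldecode($server['REQUEST_URI']));

echo $unsafe, "\n", $safe, "\n", $shownUri, "\n";
```

The first line of output shows the markup breaking out of the `action` attribute; the second and third show the same request data rendered inert.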