PHPMyAdmin error.php 跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1192980 漏洞类型 跨站脚本
发布时间 2006-11-01 更新时间 2006-11-24
CVE编号 CVE-2006-5718 CNNVD-ID CNNVD-200611-060
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/20856
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-060
|漏洞详情
phpMyAdmin中的error.php存在跨站脚本攻击(XSS)漏洞,远程攻击者可以通过注入到错误消息内的UTF-7或US-ASCII编码字符来注入任意Web脚本或HTML,如带有utf7字符集参数及UTF-7数据的请求。
|受影响的产品
S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 10.1
|参考资料

来源:BID
名称:20856
链接:http://www.securityfocus.com/bid/20856
来源:www.phpmyadmin.net
链接:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6
来源:MISC
链接:http://www.hardened-php.net/advisory_122006.137.html
来源:VUPEN
名称:ADV-2006-4298
链接:http://www.frsirt.com/english/advisories/2006/4298
来源:SECUNIA
名称:22599
链接:http://secunia.com/advisories/22599
来源:XF
名称:phpmyadmin-utf7-xss(29957)
链接:http://xforce.iss.net/xforce/xfdb/29957
来源:BUGTRAQ
名称:20061102Advisory12/2006:phpMyAdmin-error.phpXSSVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/450397/100/0/threaded
来源:SECUNIA
名称:23086
链接:http://secunia.com/advisories/23086
来源:SUSE
名称:SUSE-SA:2006:071
链接:http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html