The Community Forums


Security vulnerability: phpMyAdmin Cross-Site Scripting Vulnerabilities

Discussion in 'Security' started by iCARus, Nov 19, 2004.

  1. iCARus

    iCARus Well-Known Member

    Cedric Cochin has reported some vulnerabilities in phpMyAdmin, which
    can be exploited by malicious people to conduct cross-site scripting
    attacks.

    Input passed to the "zero_rows" and "sql_query" parameters in
    "read_dump.php" and the "PmaAbsoluteUri" parameter is not
    sufficiently sanitised before being returned to users. This can be
    exploited to execute arbitrary HTML or script code in a user's
    browser session in context of a vulnerable site.

    SOLUTION:
    Update to version 2.6.0-pl3.
    http://www.phpmyadmin.net/home_page/downloads.php
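Added example, not part of the original post and not phpMyAdmin code: a log triage script that flags requests carrying tag-like markup in the parameters the advisory names. It assumes combined-format web server access logs; the sample lines, function names and regexes are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Parameters named in the advisory. The first two are tied to read_dump.php;
# PmaAbsoluteUri is checked on any request path.
READ_DUMP_PARAMS = {"zero_rows", "sql_query"}
ANY_PATH_PARAMS = {"PmaAbsoluteUri"}
# Assumption: "combined" log format; only the quoted request line is needed.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tag-like markup in a decoded value, e.g. "<b", "</a", "<!--".
MARKUP_RE = re.compile(r"<\s*[A-Za-z/!]")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for advisory parameters carrying markup."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    on_read_dump = url.path.endswith("/read_dump.php")
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        watched = name in ANY_PATH_PARAMS or (on_read_dump and name in READ_DUMP_PARAMS)
        value = fully_decode(value)
        if watched and MARKUP_RE.search(value):
            hits.append((name, value))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Nov/2004:10:00:00 +0000] "GET /phpMyAdmin/read_dump.php?sql_query=SELECT+1&zero_rows=No+rows HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [19/Nov/2004:10:01:00 +0000] "GET /phpMyAdmin/read_dump.php?zero_rows=%3Cb%3Emarkup%3C%2Fb%3E HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [19/Nov/2004:10:02:00 +0000] "GET /phpMyAdmin/index.php?PmaAbsoluteUri=%253Ci%253Ex HTTP/1.1" 200 512 "-" "-"',
]

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    return [(i, hits) for i, line in enumerate(lines, 1) if (hits := suspicious_params(line))]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

Access logs only show query-string parameters, so values sent in POST bodies need another source. Hits on `sql_query` are leads to triage, since legitimate SQL can contain `<`.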
     
  2. chirpy

    chirpy Well-Known Member

    You should really report security issues to cPanel either via bugzilla or to billing@cpanel.net
     