Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security vulnerability: phpMyAdmin Cross-Site Scripting Vulnerabilities

Discussion in 'Security' started by iCARus, Nov 19, 2004.

  1. iCARus

    iCARus Well-Known Member

    Joined:
    Apr 8, 2003
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    166
    Cedric Cochin has reported some vulnerabilities in phpMyAdmin, which
    can be exploited by malicious people to conduct cross-site scripting
    attacks.

    Input passed to the "zero_rows" and "sql_query" parameters in
    "read_dump.php" and the "PmaAbsoluteUri" parameter is not
    sufficiently sanitised before being returned to users. This can be
    exploited to execute arbitrary HTML or script code in a user's
    browser session in context of a vulnerable site.

    SOLUTION:
    Update to version 2.6.0-pl3.
    http://www.phpmyadmin.net/home_page/downloads.php
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You should really report security issues to cPanel either via bugzilla or to billing@cpanel.net
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice