BugTraq
about phpMyAdmin setup.php XSS vulnerability Oct 15 2007 11:10PM
Marc Delisle (Marc Delisle cegepsherbrooke qc ca)
Hi,

phpMyAdmin version 2.11.1.1 was released to fix this, along with a
security announcement:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5

which contains a mitigating factor:

"We could only trigger it when using Internet Explorer with the 'send
URLs as UTF8' setting disabled. The default value of this setting being
'enabled' reduces the impact of this problem."

For distros who prefer a small patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2
_11_1/phpMyAdmin/scripts/setup.php?r1=10637&r2=10748&view=patch

Marc Delisle, for the team

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus