CVE-2006-6942

Priority
Untriaged
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before
2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via
(1) a comment for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter to
db_operations.php, the (4) query_history_latest, (5)
query_history_latest_db, and (6) querydisplay_tab parameters to (c)
querywindow.php, and (7) the pos parameter to (d) sql.php.
References
Notes
PMASA-2006-7
Package
Upstream:released (2.9.1.1)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:17:33 UTC (commit 5347)