CVE-2011-4782

Published: 22 December 2011

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

Priority

Status

Package	Release	Status
phpmyadmin Launchpad, Ubuntu, Debian	hardy	Not vulnerable
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable (4:3.3.10-1)
	oneiric	Ignored (end of life)
	precise	Not vulnerable (4:3.4.10.1-1)
	quantal	Not vulnerable
	raring	Ignored (end of life)
	saucy	Not vulnerable
	trusty	Not vulnerable
	upstream	Not vulnerable (4:3.4.9-1)
	Patches: upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0e707906e69ce90c4852a0fce2a0fac7db86a3cd

References

http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
https://www.cve.org/CVERecord?id=CVE-2011-4782
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.