PublicDate: 2007-01-19 02:28:00 UTC
Candidate: CVE-2006-6942
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6942
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before
 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via
 (1) a comment for a table name, as exploited through (a)
 db_operations.php, (2) the db parameter to (b) db_create.php, (3) the
 newname parameter to db_operations.php, the (4) query_history_latest, (5)
 query_history_latest_db, and (6) querydisplay_tab parameters to (c)
 querywindow.php, and (7) the pos parameter to (d) sql.php.
Ubuntu-Description:
Notes:
 wgrant> PMASA-2006-7
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:

dapper_phpmyadmin: ignored (reached end-of-life)
edgy_phpmyadmin: needed (reached end-of-life)
feisty_phpmyadmin: not-affected
gutsy_phpmyadmin: not-affected
hardy_phpmyadmin: not-affected
intrepid_phpmyadmin: not-affected
jaunty_phpmyadmin: not-affected
karmic_phpmyadmin: not-affected
devel_phpmyadmin: not-affected
upstream_phpmyadmin: released (2.9.1.1)