[Japanese]

JVNDB-2008-000061

phpMyAdmin cross-site scripting vulnerability

Overview

phpMyAdmin provided by The phpMyAdmin Project contains a cross-site scripting vulnerability.

phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability.

Masako Oono of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


The phpMyAdmin Project
  • phpMyAdmin 2.11.9.1 and earlier

Impact

An arbitrary script may be executed on the user's web browser.
According to the developer, Microsoft Internet Explorer is only affected by this vulnerability and it is confirmed that Mozilla Firefox, Google Chrome, Konqueror, and Apple Safari are not affected by this issue.
For more information, refer to the developer's website.
Solution

[Update the Software]
Apply the latest update provided by the developer.
Vendor Information

The phpMyAdmin Project
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2008-4326
References

  1. JVN : JVN#54824688
  2. National Vulnerability Database (NVD) : CVE-2008-4326
  3. VUPEN Security : VUPEN/ADV-2008-2657
  4. JVN iPedia (Japanese) : JVNDB-2008-000061
Revision History

  • [2008/09/26]
      Web page published