CVE-2012-4579 in phpMyAdmininfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

08/21/2012

Disclosure

08/21/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
6020phpMyAdmin GIS Data cross site scripting79Proof-of-ConceptOfficial fixCVE-2012-4579
6019phpMyAdmin Trigger cross site scripting79Proof-of-ConceptOfficial fixCVE-2012-4579
6018phpMyAdmin Trigger Add Trigger cross site scripting79Proof-of-ConceptOfficial fixCVE-2012-4579
6017phpMyAdmin DROP cross site scripting79Proof-of-ConceptOfficial fixCVE-2012-4579

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!