Fluid Attacks Database

Description

phpMyAdmin Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=3.5 <3.5.2.2	3.5.2.2
debian 11	phpmyadmin	>=0 <4:3.4.11.1-1	4:3.4.11.1-1
debian 13	phpmyadmin	>=0 <4:3.4.11.1-1	4:3.4.11.1-1
debian 12	phpmyadmin	>=0 <4:3.4.11.1-1	4:3.4.11.1-1

Aliases

1. CVE-2012-45792. NVD-2012-45793. OSV-2012-45794. OSV-DEBIAN-2012-45795. GCVE-2012-45796. SECURITY-TRACKER-CVE-2012-4579

References

1. http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.