CVE-2011-4780

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=bd3735ba584e7a49aee78813845245354b061f61
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/51226

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:::::::*

History

No history.

Information

Published : 2011-12-22 20:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-4780

Mitre link : CVE-2011-4780

CVE.ORG link : CVE-2011-4780

JSON object : View

Products Affected

phpmyadmin

phpmyadmin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2011-4780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-12-22T20:55:00.983", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html", "source": "cve@mitre.org"}, {"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=bd3735ba584e7a49aee78813845245354b061f61", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198", "source": "cve@mitre.org"}, {"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51226", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en libraries/display_export.lib.php en phpMyAdmin v3.4.x antes de v3.4.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de un los siguientes par\u00e1metros de URL modificados (1) server, (2) database, y(3) table sections,"}], "lastModified": "2023-11-07T02:09:36.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C714361-7AE3-4DC2-994C-7C67B41226B0"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3CED16-3ECE-49F6-A52B-0222B14DBC88"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4938BCE-1365-469A-B714-A5D9C451FA20"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35F46942-E054-43E4-9543-E126738845E2"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1A24EBE-D760-4251-972E-86B71EC8A07D"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC8F001-B2D6-49AD-94E7-673E8BEC958C"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE9EFA08-1838-46A9-A851-A0540C60739D"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B231B0D4-F971-4D4F-97CE-74951DF2B681"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF6604AE-12E8-43F8-9170-557009F34928"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD67845D-C1AD-46EF-A2EF-6C979E3363BF"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6044293D-28C5-4B35-B046-E8984A2AA029"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}