phpMyAdmin Print view XSS-Vulnerability
- Reported: 05.07.2011
- Published: 23.07.2011
- Updated: 23.07.2011
- Affected versions: <= 18.104.22.168
- Risk: moderate
- Solution: Update to 22.214.171.124 or newer
- CVE-ID: CVE-2011-2642
Also have a look at phpMyAdmin Direct Remote Code Execution
The table print view in phpMyAdmin is susceptible to XSS.
within site context.
The attacker needs access to the victim's database and the CREATE or ALTER TABLE right.
Additionally, the attacker must trick the victim into opening the following link:
tbl_printview.php?db=database_to_attack&table=[table name as payload].
No URL token is required.
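A log check for the request pattern described above, added here as an example and not part of the original advisory: it flags requests to tbl_printview.php whose `table` parameter contains markup characters, and records whether phpMyAdmin's `token` URL parameter was present. The `/phpmyadmin/` path prefix, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line in common/combined access-log format (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters an ordinary table name does not need but HTML/script injection does.
MARKUP = re.compile(r"[<>\"'`]")


def suspicious_printview(line):
    """Return a finding for a tbl_printview.php request whose table name contains markup."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/tbl_printview.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    for raw in params.get("table", []):
        table = unquote(raw)  # parse_qs decoded once; decode again to catch double encoding
        if MARKUP.search(table):
            return {
                "db": params.get("db", [""])[0],
                "table": table,
                "has_token": "token" in params,
            }
    return None


def scan(lines):
    """Return the findings for all matching lines, in order."""
    return [f for f in map(suspicious_printview, lines) if f]


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jul/2011:10:00:01 +0000] "GET /phpmyadmin/tbl_printview.php?db=shop&table=orders&token=abc123 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jul/2011:10:00:09 +0000] "GET /phpmyadmin/tbl_printview.php?db=shop&table=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '198.51.100.9 - - [23/Jul/2011:10:01:00 +0000] "GET /phpmyadmin/index.php?table=%3Cb%3E HTTP/1.1" 200 900',
    '198.51.100.9 - - [23/Jul/2011:10:02:00 +0000] "GET /phpmyadmin/tbl_printview.php?db=crm&table=%253Cb%253E&token=abc123 HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit without a token is the more notable one, since the advisory states that the print view link works without it.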