Home page logo

bugtraq logo Bugtraq mailing list archives

about phpMyAdmin setup.php XSS vulnerability
From: Marc Delisle <Marc.Delisle () cegepsherbrooke qc ca>
Date: Mon, 15 Oct 2007 19:10:12 -0400


phpMyAdmin version was released to fix this, along with a security announcement: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5

which contains a mitigating factor:

"We could only trigger it when using Internet Explorer with the 'send URLs as UTF8' setting disabled. The default value of this setting being 'enabled' reduces the impact of this problem."

For distros who prefer a small patch:

Marc Delisle, for the team

  By Date           By Thread  

Current thread:
  • about phpMyAdmin setup.php XSS vulnerability Marc Delisle (Oct 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]