CVE-2008-2960

NameCVE-2008-2960
DescriptionCross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
phpmyadmin (PTS)stretch4:4.6.6-4+deb9u1fixed
stretch (security)4:4.6.6-4+deb9u2fixed
bullseye4:5.0.4+dfsg2-2fixed
bookworm, sid4:5.1.1+dfsg1-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpmyadminsource(unstable)4:2.11.7~rc2-1unimportant

Notes

We haven't supported installations with register_globals enabled since a long time
https://www.phpmyadmin.net/security/PMASA-2008-4/
https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647

Search for package or bug name: Reporting problems