Intrusion Prevention

PHPMyAdmin.Error.php.XSS

Description

It indicates an attacker attempted to exploit a HTML Injection vulnerability in phpMyAdmin. phpMyAdmin suffers from a programming error that can be exploited to steal cookie based authentication credentials. However in order for this attack to be successful, the attacker would have to force the victim to visit an HTML link containing the malicious code.

Affected Products

phpMyAdmin phpMyAdmin 2.6.3 -pl1 and earlier versions.

Impact

Disclosure or Modification of sensitive data

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2010-4480 CVE-2005-2869