Vulnerability Name: CVE-2008-2960 (CCN-43320)

Assigned: 2008-06-23
Published: 2008-06-23
Updated: 2017-08-08
Summary: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
  2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
  2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
  2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-2960

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:003

Source: CCN
Type: SA30813
phpMyAdmin Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30813

Source: SECUNIA
Type: UNKNOWN
30816

Source: SECUNIA
Type: UNKNOWN
33822

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:131

Source: MLIST
Type: UNKNOWN
[oss-security] 20080716 Re: CVE request: phpmyadmin < 2.11.7.1

Source: CCN
Type: OSVDB ID: 46511
phpMyAdmin /libraries Multiple Scripts Unspecified XSS

Source: CCN
Type: phpMyAdmin Web site
phpMyAdmin > Downloads

Source: CONFIRM
Type: UNKNOWN
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

Source: CCN
Type: phpMyAdmin security announcement PMASA-2008-4
XSS on plausible insecure PHP installation

Source: CONFIRM
Type: UNKNOWN
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4

Source: CCN
Type: TLSA-2008-29
Cross-site scripting (XSS) vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-1904

Source: XF
Type: UNKNOWN
phpmyadmin-libraryfiles-xss(43320)

Source: SUSE
Type: SUSE-SR:2009:003
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:phpmyadmin:phpmyadmin:2.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.10.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.10.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.10.3rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.0beta1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.0rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.1rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.3rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.4rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.5rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.6rc1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:phpmyadmin:phpmyadmin:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.11.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:20082960
Class: V
Title: CVE-2008-2960
Last Modified: 2015-11-16