Vigil@nce: phpMyAdmin, two vulnerabilities
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can obtain information or create a Cross Site
Scripting in phpMyAdmin.
– Severity: 2/4
– Creation date: 03/01/2011
IMPACTED PRODUCTS
– Debian Linux
– Mandriva Corporate
– Mandriva Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin program is used to administer a MySQL database. It
is impacted by two vulnerabilities.
An attacker can generate a Cross Site Scripting in the error.php
page. [severity:2/4; BID-45633, CVE-2010-4480, PMASA-2010-9]
An attacker can obtain the result of the phpinfo() function, which
displays information on the system. [severity:2/4; CVE-2010-4481,
PMASA-2010-10]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-two-vulnerabilities-10240