Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-2031

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Related bugs and status

CVE-2006-2031 (Candidate) is related to these bugs:

Bug #82003: phpmyadmin has several security bugs

		In	Importance	Status
82003	phpmyadmin has several security bugs	phpmyadmin (Ubuntu)	Undecided	Fix Released
82003	phpmyadmin has several security bugs	phpmyadmin (Ubuntu Dapper)	Undecided	Won't Fix
82003	phpmyadmin has several security bugs	phpmyadmin (Ubuntu Feisty)	Undecided	Fix Released
82003	phpmyadmin has several security bugs	phpmyadmin (Ubuntu Edgy)	Undecided	Won't Fix
82003	phpmyadmin has several security bugs	phpMyAdmin	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 19659
CONFIRM: http://www.phpmyadmin....
MISC: http://pridels0.blogsp...
XF: phpmyadmin-index-xss(2...