CVE-2008-2960 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.6 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
phpmyadmin	phpmyadmin	2.10.0
phpmyadmin	phpmyadmin	2.10.0.1
phpmyadmin	phpmyadmin	2.10.0.2
phpmyadmin	phpmyadmin	2.10.1
phpmyadmin	phpmyadmin	2.10.2
phpmyadmin	phpmyadmin	2.10.3
phpmyadmin	phpmyadmin	2.10.3rc1:rc1
phpmyadmin	phpmyadmin	2.11.0
phpmyadmin	phpmyadmin	2.11.0beta1:beta1
phpmyadmin	phpmyadmin	2.11.0rc1:rc1
phpmyadmin	phpmyadmin	2.11.1
phpmyadmin	phpmyadmin	2.11.1.1
phpmyadmin	phpmyadmin	2.11.1.2
phpmyadmin	phpmyadmin	2.11.1rc1:rc1
phpmyadmin	phpmyadmin	2.11.2
phpmyadmin	phpmyadmin	2.11.2.1
phpmyadmin	phpmyadmin	2.11.2.2
phpmyadmin	phpmyadmin	2.11.3
phpmyadmin	phpmyadmin	2.11.3rc1:rc1
phpmyadmin	phpmyadmin	2.11.4
phpmyadmin	phpmyadmin	2.11.4rc1:rc1
phpmyadmin	phpmyadmin	2.11.5
phpmyadmin	phpmyadmin	2.11.5.1
phpmyadmin	phpmyadmin	2.11.5.2
phpmyadmin	phpmyadmin	2.11.5rc1:rc1
phpmyadmin	phpmyadmin	2.11.6
phpmyadmin	phpmyadmin	2.11.6rc1:rc1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

phpmyadmin

bullseye	4:5.0.4+dfsg2-2+deb11u1 fixed
bookworm	4:5.2.1+dfsg-1 fixed
sid	4:5.2.1+dfsg-4 fixed
trixie	4:5.2.1+dfsg-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

phpmyadmin

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	ignored

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

http://secunia.com/advisories/30813

http://secunia.com/advisories/30816

http://secunia.com/advisories/33822

http://www.mandriva.com/security/advisories?name=MDVSA-2008:131

http://www.openwall.com/lists/oss-security/2008/07/16/11

http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4

http://www.vupen.com/english/advisories/2008/1904/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43320

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

http://secunia.com/advisories/30813

http://secunia.com/advisories/30816

http://secunia.com/advisories/33822

http://www.mandriva.com/security/advisories?name=MDVSA-2008:131

http://www.openwall.com/lists/oss-security/2008/07/16/11

http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4

http://www.vupen.com/english/advisories/2008/1904/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43320