CVE-2012-1600 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Affected Products (NVD)

Vendor	Product	Version
phppgadmin_project	phppgadmin	𝑥 ≤ 5.0.3
phppgadmin_project	phppgadmin	5.0
phppgadmin_project	phppgadmin	5.0.1
phppgadmin_project	phppgadmin	5.0.2
opensuse	opensuse	11.4
opensuse	opensuse	12.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

phppgadmin

sid	7.14.7+dfsg-1 fixed
squeeze	no-dsa
trixie	7.14.7+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

phppgadmin

hardy	ignored
lucid	ignored
maverick	ignored
natty	ignored
oneiric	ignored
precise	ignored
quantal	not-affected
raring	not-affected
saucy	not-affected
trusty	dne
utopic	not-affected
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html

http://secunia.com/advisories/48574

http://sourceforge.net/p/phppgadmin/mailman/message/28783470/

http://www.openwall.com/lists/oss-security/2012/03/28/11

http://www.openwall.com/lists/oss-security/2012/03/29/6

http://www.openwall.com/lists/oss-security/2012/03/30/7

http://www.osvdb.org/80870

http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com

http://www.securityfocus.com/bid/52761

https://bugzilla.redhat.com/show_bug.cgi?id=808439

https://exchange.xforce.ibmcloud.com/vulnerabilities/74440

https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00

https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0

http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html

http://secunia.com/advisories/48574

http://sourceforge.net/p/phppgadmin/mailman/message/28783470/

http://www.openwall.com/lists/oss-security/2012/03/28/11

http://www.openwall.com/lists/oss-security/2012/03/29/6

http://www.openwall.com/lists/oss-security/2012/03/30/7

http://www.osvdb.org/80870

http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com

http://www.securityfocus.com/bid/52761

https://bugzilla.redhat.com/show_bug.cgi?id=808439

https://exchange.xforce.ibmcloud.com/vulnerabilities/74440

https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00

https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0