CVE-2016-2560
01.03.2016, 11:59
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
Vendor | Product | Version |
---|---|---|
phpmyadmin | phpmyadmin | 4.0.0 |
phpmyadmin | phpmyadmin | 4.0.1 |
phpmyadmin | phpmyadmin | 4.0.2 |
phpmyadmin | phpmyadmin | 4.0.3 |
phpmyadmin | phpmyadmin | 4.0.4 |
phpmyadmin | phpmyadmin | 4.0.4.1 |
phpmyadmin | phpmyadmin | 4.0.4.2 |
phpmyadmin | phpmyadmin | 4.0.5 |
phpmyadmin | phpmyadmin | 4.0.6 |
phpmyadmin | phpmyadmin | 4.0.7 |
phpmyadmin | phpmyadmin | 4.0.8 |
phpmyadmin | phpmyadmin | 4.0.9 |
phpmyadmin | phpmyadmin | 4.0.10 |
phpmyadmin | phpmyadmin | 4.0.10.1 |
phpmyadmin | phpmyadmin | 4.0.10.2 |
phpmyadmin | phpmyadmin | 4.0.10.3 |
phpmyadmin | phpmyadmin | 4.0.10.4 |
phpmyadmin | phpmyadmin | 4.0.10.5 |
phpmyadmin | phpmyadmin | 4.0.10.6 |
phpmyadmin | phpmyadmin | 4.0.10.7 |
phpmyadmin | phpmyadmin | 4.0.10.8 |
phpmyadmin | phpmyadmin | 4.0.10.9 |
phpmyadmin | phpmyadmin | 4.0.10.10 |
phpmyadmin | phpmyadmin | 4.0.10.11 |
phpmyadmin | phpmyadmin | 4.0.10.12 |
phpmyadmin | phpmyadmin | 4.0.10.13 |
phpmyadmin | phpmyadmin | 4.0.10.14 |
phpmyadmin | phpmyadmin | 4.4.0 |
phpmyadmin | phpmyadmin | 4.4.1 |
phpmyadmin | phpmyadmin | 4.4.1.1 |
phpmyadmin | phpmyadmin | 4.4.2 |
phpmyadmin | phpmyadmin | 4.4.3 |
phpmyadmin | phpmyadmin | 4.4.4 |
phpmyadmin | phpmyadmin | 4.4.5 |
phpmyadmin | phpmyadmin | 4.4.6 |
phpmyadmin | phpmyadmin | 4.4.6.1 |
phpmyadmin | phpmyadmin | 4.4.7 |
phpmyadmin | phpmyadmin | 4.4.8 |
phpmyadmin | phpmyadmin | 4.4.9 |
phpmyadmin | phpmyadmin | 4.4.10 |
phpmyadmin | phpmyadmin | 4.4.11 |
phpmyadmin | phpmyadmin | 4.4.12 |
phpmyadmin | phpmyadmin | 4.4.13 |
phpmyadmin | phpmyadmin | 4.4.13.1 |
phpmyadmin | phpmyadmin | 4.4.14 |
phpmyadmin | phpmyadmin | 4.4.14.1 |
phpmyadmin | phpmyadmin | 4.4.15 |
phpmyadmin | phpmyadmin | 4.4.15.1 |
phpmyadmin | phpmyadmin | 4.4.15.2 |
phpmyadmin | phpmyadmin | 4.4.15.3 |
phpmyadmin | phpmyadmin | 4.4.15.4 |
phpmyadmin | phpmyadmin | 4.5.0 |
phpmyadmin | phpmyadmin | 4.5.0:beta1 |
phpmyadmin | phpmyadmin | 4.5.0:beta2 |
phpmyadmin | phpmyadmin | 4.5.0:rc1 |
phpmyadmin | phpmyadmin | 4.5.0.1 |
phpmyadmin | phpmyadmin | 4.5.0.2 |
phpmyadmin | phpmyadmin | 4.5.1 |
phpmyadmin | phpmyadmin | 4.5.2 |
phpmyadmin | phpmyadmin | 4.5.3 |
phpmyadmin | phpmyadmin | 4.5.3.1 |
phpmyadmin | phpmyadmin | 4.5.4 |
phpmyadmin | phpmyadmin | 4.5.4.1 |
phpmyadmin | phpmyadmin | 4.5.5 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
phpmyadmin |
|
References