Vigil@nce - phpMyAdmin: two vulnerabilities
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities of phpMyAdmin, in order to
execute JavaScript code in the context of the web site.
Impacted products: phpMyAdmin
Severity: 2/4
Creation date: 09/10/2012
Revision date: 15/10/2012
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in phpMyAdmin.
An attacker can generate several Cross Site Scripting in Trigger,
Procedure and Event pages. [severity:2/4; BID-55925,
CVE-2012-5339, PMASA-2012-6]
An attacker can setup a malicious "phpmyadmin.net" site, in order
to inject JavaScript code on the home page, which indicates the
number of the latest phpMyAdmin version. [severity:2/4;
CVE-2012-5368, PMASA-2012-7]
An attacker can therefore use two vulnerabilities of phpMyAdmin,
in order to execute JavaScript code in the context of the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-two-vulnerabilities-12042