ID de Prueba:	1.3.6.1.4.1.25623.1.0.800301
Categoría:	Web application abuses
Título:	phpMyAdmin pmd_pdf.php Cross Site Scripting Vulnerability
Resumen:	phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user. Vulnerability Impact: Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials. Affected Software/OS: phpMyAdmin phpMyAdmin versions 3.0.1 and prior on all running platform. Solution: Upgrade to phpMyAdmin 3.0.1.1 or later. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4775 BugTraq ID: 31928 http://www.securityfocus.com/bid/31928 Bugtraq: 20081027 XSS in phpMyadmin (Google Search) http://www.securityfocus.com/archive/1/497815/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html http://security.gentoo.org/glsa/glsa-200903-32.xml http://secunia.com/advisories/32449 http://secunia.com/advisories/32482 http://securityreason.com/securityalert/4516 http://www.vupen.com/english/advisories/2008/2943 XForce ISS Database: phpmyadmin-pmdpdf-xss(46136) https://exchange.xforce.ibmcloud.com/vulnerabilities/46136
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.