CVE-2006-6942
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2006-6942
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-6942.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2006-6942
- Downstream
- Published
- 2007-01-19T02:28:00Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) dboperations.php, (2) the db parameter to (b) dbcreate.php, (3) the newname parameter to dboperations.php, the (4) queryhistorylatest, (5) queryhistorylatestdb, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
- References
-
- http://marc.info/?l=bugtraq&m=116370414309444&w=2
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7
- http://www.securityfocus.com/bid/21137
- http://www.us.debian.org/security/2007/dsa-1370
- http://www.vupen.com/english/advisories/2006/4572
- http://secunia.com/advisories/26733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30310