CVE-2011-3598 (GCVE-0-2011-3598)

Vulnerability from cvelistv5 – Published: 2011-10-08 01:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/46426 third-party-advisoryx_refsource_SECUNIA
http://sourceforge.net/mailarchive/forum.php?thre… mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisoryx_refsource_SUSE
https://github.com/phppgadmin/phppgadmin/commit/1… x_refsource_CONFIRM
https://bugs.gentoo.org/show_bug.cgi?id=385505 x_refsource_CONFIRM
http://secunia.com/advisories/46248 third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/75998 vdb-entryx_refsource_OSVDB
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2011/1… mailing-listx_refsource_MLIST
http://freshmeat.net/projects/phppgadmin/releases… x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2011/10/04/1 mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/49914 vdb-entryx_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=743205 x_refsource_CONFIRM
http://osvdb.org/75997 vdb-entryx_refsource_OSVDB
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:48.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-13805",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
          },
          {
            "name": "46426",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46426"
          },
          {
            "name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
          },
          {
            "name": "openSUSE-SU-2012:0493",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
          },
          {
            "name": "46248",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46248"
          },
          {
            "name": "75998",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75998"
          },
          {
            "name": "FEDORA-2011-13801",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
          },
          {
            "name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
          },
          {
            "name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
          },
          {
            "name": "49914",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49914"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
          },
          {
            "name": "75997",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75997"
          },
          {
            "name": "FEDORA-2011-13748",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T23:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-13805",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
        },
        {
          "name": "46426",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46426"
        },
        {
          "name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
        },
        {
          "name": "openSUSE-SU-2012:0493",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
        },
        {
          "name": "46248",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46248"
        },
        {
          "name": "75998",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75998"
        },
        {
          "name": "FEDORA-2011-13801",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
        },
        {
          "name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
        },
        {
          "name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
        },
        {
          "name": "49914",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49914"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
        },
        {
          "name": "75997",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75997"
        },
        {
          "name": "FEDORA-2011-13748",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3598",
    "datePublished": "2011-10-08T01:00:00",
    "dateReserved": "2011-09-21T00:00:00",
    "dateUpdated": "2024-08-06T23:37:48.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.2\", \"matchCriteriaId\": \"2B7A7773-6590-4486-A2F1-5B4D699FE779\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B268F49-4F3A-4D05-8079-05EB75E1AE8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F2CCA02-7AE3-4CF8-A514-ABCC16CDF435\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E23D4530-0B63-459C-B7F2-84F5866CCA04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47A293B3-3E81-4B7E-8D24-EC1B57C2CD83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1893B7A4-D303-4DA7-B3C5-264413A5D473\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"974D3D46-7DEB-45E5-B615-D95C2355F6DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A913E0DA-8076-4850-B218-F65C8A86F370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81B74FF6-8280-4A14-B988-F58FB7915232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A673AB66-EE9C-4873-873B-72FA25F3ADB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45DAC8C2-1469-41EA-B155-A9F24A46DD56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEA8E6BB-8BEB-4FDF-8935-EACED78E7EA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72BD7FEB-B23E-43BE-8682-AD70C4D7BE28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D79FAC8-65ED-461C-9FFF-5010D8BAC6BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7330FE3A-45FF-49D4-A6A6-4305A112E1D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D802197-3B55-478E-8DB9-7ADAD09A9060\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phppgadmin:phppgadmin:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFD50410-0906-4FE6-9BB2-5757874E5381\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados (XSS) en phpPgAdmin anteriores a v5.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s de (1) t\\u00edtulo de la p\\u00e1gina web,relativo a classes/Misc.php; o el par\\u00e1metro (2) return_url o (3) return_desc sobredisplay.php.\"}]",
      "id": "CVE-2011-3598",
      "lastModified": "2024-11-21T01:30:49.437",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-10-08T02:52:52.473",
      "references": "[{\"url\": \"http://freshmeat.net/projects/phppgadmin/releases/336969\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/75997\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/75998\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/46248\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/46426\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/10/04/1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/10/04/10\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/49914\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugs.gentoo.org/show_bug.cgi?id=385505\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=743205\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://freshmeat.net/projects/phppgadmin/releases/336969\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/75997\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/75998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/46248\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/46426\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/10/04/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/10/04/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/49914\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.gentoo.org/show_bug.cgi?id=385505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=743205\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3598\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-10-08T02:52:52.473\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en phpPgAdmin anteriores a v5.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) t\u00edtulo de la p\u00e1gina web,relativo a classes/Misc.php; o el par\u00e1metro (2) return_url o (3) return_desc sobredisplay.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.2\",\"matchCriteriaId\":\"2B7A7773-6590-4486-A2F1-5B4D699FE779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B268F49-4F3A-4D05-8079-05EB75E1AE8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F2CCA02-7AE3-4CF8-A514-ABCC16CDF435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23D4530-0B63-459C-B7F2-84F5866CCA04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47A293B3-3E81-4B7E-8D24-EC1B57C2CD83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1893B7A4-D303-4DA7-B3C5-264413A5D473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974D3D46-7DEB-45E5-B615-D95C2355F6DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A913E0DA-8076-4850-B218-F65C8A86F370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B74FF6-8280-4A14-B988-F58FB7915232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A673AB66-EE9C-4873-873B-72FA25F3ADB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45DAC8C2-1469-41EA-B155-A9F24A46DD56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA8E6BB-8BEB-4FDF-8935-EACED78E7EA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72BD7FEB-B23E-43BE-8682-AD70C4D7BE28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D79FAC8-65ED-461C-9FFF-5010D8BAC6BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7330FE3A-45FF-49D4-A6A6-4305A112E1D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D802197-3B55-478E-8DB9-7ADAD09A9060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phppgadmin:phppgadmin:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD50410-0906-4FE6-9BB2-5757874E5381\"}]}]}],\"references\":[{\"url\":\"http://freshmeat.net/projects/phppgadmin/releases/336969\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/75997\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/75998\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/46248\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/46426\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/10/04/1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/10/04/10\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/49914\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.gentoo.org/show_bug.cgi?id=385505\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=743205\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://freshmeat.net/projects/phppgadmin/releases/336969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/75997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/75998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/46248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/46426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/10/04/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/10/04/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/49914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.gentoo.org/show_bug.cgi?id=385505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=743205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.