Intrusion Prevention

PHPMyAdmin.XSS

Description

It indicates an attacker attempted a Cross-Site Scripting attack against phpMyAdmin. phpMyAdmin is prone to a programming error that allows the "$cfg["ThemeManager"]" variable to be overwritten with user-supplied data. An attacker can leverage this vulnerability to execute arbitrary PHP code.

Affected Products

phpMyAdmin phpMyAdmin 2.6.4 -rc1 and earlier versions.

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2005-3300 CVE-2005-3301