CVE-2006-5718

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.

Affected Software

Name	Vendor	Start Version	End Version
Phpmyadmin	Phpmyadmin	2.6.4_pl1 (including)	2.6.4_pl1 (including)
Phpmyadmin	Phpmyadmin	2.6.4_pl3 (including)	2.6.4_pl3 (including)
Phpmyadmin	Phpmyadmin	2.6.4_pl4 (including)	2.6.4_pl4 (including)
Phpmyadmin	Phpmyadmin	2.6.4_rc1 (including)	2.6.4_rc1 (including)
Phpmyadmin	Phpmyadmin	2.7 (including)	2.7 (including)
Phpmyadmin	Phpmyadmin	2.7.0_beta1 (including)	2.7.0_beta1 (including)
Phpmyadmin	Phpmyadmin	2.7_pl1 (including)	2.7_pl1 (including)
Phpmyadmin	Phpmyadmin	2.8.1 (including)	2.8.1 (including)
Phpmyadmin	Phpmyadmin	2.8.2 (including)	2.8.2 (including)
Phpmyadmin	Phpmyadmin	2.8.3 (including)	2.8.3 (including)
Phpmyadmin	Phpmyadmin	2.8.4 (including)	2.8.4 (including)
Phpmyadmin	Phpmyadmin	2.9 (including)	2.9 (including)
Phpmyadmin	Phpmyadmin	2.9.1 (including)	2.9.1 (including)
Phpmyadmin	Phpmyadmin	2.9.2 (including)	2.9.2 (including)
Phpmyadmin	Phpmyadmin	2.9_rc1 (including)	2.9_rc1 (including)
Phpmyadmin	Ubuntu	dapper	*
Phpmyadmin	Ubuntu	edgy	*
Phpmyadmin	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5718
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References