> Which I presume means it affects the system only with a registered (and a
> logged in) account.
Yes. Affecting only currently logged-in users.
If you're sure that you could never be fooled by someone through any
means, you're safe not to patch this upgrade.
_
After looking into several sources, I've found the following:
6. IMPACT
Attackers can compromise currently logged-in user session and inject
arbitrary SQL statements (CREATE,INSERT,UPDATE,DELETE)
via crafted XSS payloads.
Which I presume means it affects the system only with a registered (and a
Did you read the advisory that contains vendor advisory link -
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php ?
On Sat, Aug 21, 2010 at 12:46 AM, Christian Sciberras wrote:
> Since I didn't see this mentioned even on their website, (phpmyadmin.net), I
> would like to ask, are th
==
phpMyAdmin 3.3.5 / 2.11.10 <= Cross Site Scripting (XSS) Vulnerability
==
1. OVERVIEW
The phpMyAdmin web application was vulnerable to Cross