Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5977 to the following vulnerability: Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. References: http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html http://sourceforge.net/project/shownotes.php?release_id=553333 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7 http://www.frsirt.com/english/advisories/2007/3824 http://secunia.com/advisories/27630 http://xforce.iss.net/xforce/xfdb/38404
devel: http://koji.fedoraproject.org/koji/buildinfo?buildID=25151 F8: http://koji.fedoraproject.org/koji/buildinfo?buildID=25152 F7: http://koji.fedoraproject.org/koji/buildinfo?buildID=25153 FC6: http://buildsys.fedoraproject.org/logs/fedora-6-extras/37132-phpMyAdmin-2.11.2.2-1.fc6/ EL-5: http://buildsys.fedoraproject.org/logs/fedora-5-epel/37133-phpMyAdmin-2.11.2.2-1.el5/ EL-4: http://buildsys.fedoraproject.org/logs/fedora-4-epel/37134-phpMyAdmin-2.11.2.2-1.el4/
phpMyAdmin-2.11.2.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-2.11.2.2-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.