nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13

Browse Source
This commit is contained in:
Herman van Rink
2011-08-19 11:48:57 +02:00
parent a5716cb389
commit c79375598d
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
$Id$ $Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
3.3.10.4 (not yet released)
- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
3.3.10.3 (2011-07-23) 3.3.10.3 (2011-07-23)
- [security] Fixed XSS vulnerability, see PMASA-2011-9 - [security] Fixed XSS vulnerability, see PMASA-2011-9
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12

2
db_datadict.php
View File

@@ -70,7 +70,7 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) {
echo '<div>' . "\n"; echo '<div>' . "\n";
} }
echo '<h2>' . $table . '</h2>' . "\n"; echo '<h2>' . htmlspecialchars($table) . '</h2>' . "\n";
/** /**
* Gets table informations * Gets table informations