oss-sec mailing list archives
Re: CVE request: phpmyadmin < 2.11.8
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 12 Aug 2008 20:23:33 -0400 (EDT)
On Fri, 8 Aug 2008, Nico Golde wrote:

> Name: CVE-2008-3457 ...
> Hmm where is the issue here? Sure the application is vulnerable if an attacker can edit a file that is included all over the place. I think you have way more problems than an XSS in setup.php in such a case.

I agree that it doesn't sound like much of an issue (and setup.php being left around sounds suspicious in itself), but we take the approach that if a vendor thinks it's important enough to issue a security advisory, we'll tag it on the assumption that vendors don't have any motivation to over-inflate the importance of a bug without some consideration of security risk.

- Steve