phpPgAdmin Multiple XSS Vulnerabilities

Monday, 28 May 2007

Synopsis: Multiple XSS Vulnerabilities

phpPgAdmin is a web-based administration tool for PostgreSQL.

phpPgAdmin does not correctly sanitize data in the $_SERVER array, and most of
its scripts make direct use of PHP_SELF.

This was tested on versions 3.5 to 4.1.1 as a user who was not logged in.
Other versions may also be vulnerable.

Regards, Michal Majchrowicz.
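
The pattern the advisory describes, shown next to an output-encoded version. This is an added example, not phpPgAdmin source code and not part of the original advisory; the function names, paths and sample request values are constructed for illustration.

```php
<?php
// Added illustration; not phpPgAdmin source. All function names are hypothetical.

// Pattern from the advisory: PHP_SELF written into markup as-is.
// PHP_SELF includes any path info the client appended after the script
// name, so it is request-controlled data, not a trusted constant.
function form_action_unescaped(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for an HTML attribute context at the point of output.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME normally omits the trailing path info.
// It is still encoded on output rather than trusted.
function form_action_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Constructed stand-in for $_SERVER on a request whose path carries
// extra segments with HTML metacharacters (harmless bold tag as a marker).
$server = [
    'PHP_SELF'    => '/phppgadmin/index.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/phppgadmin/index.php',
];

$renderers = [
    'form_action_unescaped',
    'form_action_escaped',
    'form_action_script_name',
];

foreach ($renderers as $fn) {
    // The unescaped variant closes the attribute and tag early;
    // the other two keep the value inside the action attribute.
    echo str_pad($fn, 26), $fn($server), PHP_EOL;
}
```

Run with the PHP CLI and compare the three lines: only the unescaped variant lets the marker markup break out of the `action` attribute.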
