Vulnerability details: VCID-22fm-v29s-ukdg
Vulnerability ID VCID-22fm-v29s-ukdg
Aliases CVE-2006-6942
Summary Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
Status Published
Exploitability 2.0
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
Data source Exploit-DB
Date added Sept. 15, 2006
Description phpMyAdmin 2.x - 'sql.php?pos' Cross-Site Scripting
Ransomware campaign use Known
Source publication date Sept. 15, 2006
Exploit type webapps
Platform php
Source update date Oct. 19, 2013
Source URL https://www.securityfocus.com/bid/21137/info
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.84868
EPSS Score 0.02243
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:07:08.339439+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0