
CVE-2007-5589
Date: (C)2007-10-19   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-26301
SECUNIA-27246
SECUNIA-27506
SECUNIA-27595
SECUNIA-29323
OSVDB-37939
ADV-2007-3535
DSA-1403
FEDORA-2007-2738
MDKSA-2007:199
SUSE-SR:2008:006
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796
http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
https://bugzilla.redhat.com/show_bug.cgi?id=333661
phpmyadmin-serverstatus-xss(37292)

CPE    1
cpe:/a:phpmyadmin:phpmyadmin
CWE    1
CWE-79

© SecPod Technologies