QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5589

Published: Oct 19, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html

x_refsource_MISC

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6

x_refsource_CONFIRM

http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796

x_refsource_CONFIRM

FEDORA-2007-2738

vendor-advisory

x_refsource_FEDORA

phpmyadmin-serverstatus-xss(37292)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

SUSE-SR:2008:006

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=333661

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.