PT-2007-6437 · Phpmyadmin · Phpmyadmin

Published

2007-10-12

Updated

2018-10-15

CVE-2007-5386

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: phpMyAdmin version 2.11.1

Description: A cross-site scripting (XSS) issue exists due to the failure to properly encode requests. This allows remote attackers to inject arbitrary web script or HTML via the query string when accessed by a browser that does not URL-encode requests.

Recommendations: For phpMyAdmin version 2.11.1, consider updating to a newer version that addresses this issue, as using a browser that URL-encodes requests may mitigate the risk but does not fully resolve it. As a temporary workaround, restrict access to the scripts/setup.php file to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2007-5386

DSA-1403-1

Affected Products

Phpmyadmin

PT-2007-6437 · Phpmyadmin · Phpmyadmin

CVE-2007-5386

Weakness Enumeration

Related Identifiers

Affected Products

References · 23