Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5386

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5386
Last Modified 07 Mar 2011 10:00:36
Published 12 Oct 2007 06:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5386

Summary

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

Vulnerable Systems

Application

  • Phpmyadmin 2.11.1


References

FEDORA - FEDORA-2007-2738

CONFIRM - https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=333661

XF - phpmyadmin-setup-xss(37077)

VUPEN - ADV-2007-3469

BID - 26020

BUGTRAQ - 20071015 about phpMyAdmin setup.php XSS vulnerability

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5

MANDRIVA - MDKSA-2007:199

MISC - http://www.digitrustgroup.com/advisories/TDG-advisory071009a

DEBIAN - DSA-1403

SECUNIA - 27595

SECUNIA - 27506

SECUNIA - 27173

CONFIRM - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log

CONFIRM - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748

OSVDB - 37678


Last Updated: 27 May 2016 10:46:10