CVE-2007-2016 — Cross-site Scripting in Phpmyadmin

13 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedApr 12

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.6.2-3 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.6.2-3+3

▶NVDphpmyadmin/phpmyadmin2.6.1

🔴Vulnerability Details

GHSA

GHSA-cj7j-6rg9-9523: Cross-site scripting (XSS) vulnerability in mysql/phpinfo↗2022-05-01

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

OSV

CVE-2007-2016: Cross-site scripting (XSS) vulnerability in mysql/phpinfo↗2007-04-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Excel - OLE Arbitrary Code Execution↗2017-09-30

▶

Exploit-DB

Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)↗2016-08-10

▶

Exploit-DB

Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)↗2016-04-14

▶

Exploit-DB

SkilMatch Systems JobLister3 - 'index.php' SQL Injection↗2007-07-13

▶

📋Vendor Advisories

Red Hat

kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()↗2010-07-29

▶

Debian

CVE-2007-2016: phpmyadmin - Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6....↗2007

▶

💬Community

Bugzilla

CVE-2016-5177 chromium-browser: use after free in v8↗2016-09-30

▶

Bugzilla

CVE-2016-5178 chromium-browser: various fixes from internal audits↗2016-09-30

▶