CVE-2007-2865
Published 2007-05-25
CVE-2007-2865: Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server…
Priority P339 critical 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.07% (92.5th percentile)
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phppgadmin | < phppgadmin 4.1.3-0.1 (forky) | phppgadmin 4.1.3-0.1 (forky) |
| debian | phppgadmin | < phppgadmin 4.1.2-1 (forky) | phppgadmin 4.1.2-1 (forky) |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin_project | phppgadmin | >= 0 < 4.1.2-1 | 4.1.2-1 |
| phppgadmin_project | phppgadmin | >= 0 < 4.1.3-0.1 | 4.1.3-0.1 |
| phppgadmin_project | phppgadmin | >= 0 < 4.1.2-1 | 4.1.2-1 |
| phppgadmin_project | phppgadmin | >= 0 < 4.1.3-0.1 | 4.1.3-0.1 |
CVSS provenance
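| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | LOW | — |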
GHSA
GHSA-jfpr-w2hm-9rpw: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-5728 [CRITICAL] CWE-79 GHSA-jfpr-w2hm-9rpw: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
GHSA
GHSA-97v5-8m6g-4h8j: Cross-site scripting (XSS) vulnerability in sqledit
ghsa_unreviewed·2022-05-01
CVE-2007-2865 [HIGH] GHSA-97v5-8m6g-4h8j: Cross-site scripting (XSS) vulnerability in sqledit
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
OSV
CVE-2007-5728: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3
osv·2007-10-30·CVSS 9.3
CVE-2007-5728 [CRITICAL] CVE-2007-5728: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
OSV
CVE-2007-2865: Cross-site scripting (XSS) vulnerability in sqledit
osv·2007-05-25·CVSS 9.3
CVE-2007-2865 [CRITICAL] CVE-2007-2865: Cross-site scripting (XSS) vulnerability in sqledit
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Debian
CVE-2007-5728: phppgadmin - Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibl...
vendor_debian·2007·CVSS 9.3
CVE-2007-5728 [CRITICAL] CVE-2007-5728: phppgadmin - Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibl...
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
Scope: local
forky: resolved (fixed in 4.1.3-0.1)
sid: resolved (fixed in 4.1.3-0.1)
trixie: resolved (fixed in 4.1.3-0.1)
Debian
CVE-2007-2865: phppgadmin - Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allo...
vendor_debian·2007·CVSS 9.3
CVE-2007-2865 [CRITICAL] CVE-2007-2865: phppgadmin - Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allo...
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Scope: local
forky: resolved (fixed in 4.1.2-1)
sid: resolved (fixed in 4.1.2-1)
trixie: resolved (fixed in 4.1.2-1)
No detection rules found.
http://marc.info/?l=full-disclosure&m=117987658110713&w=2
http://osvdb.org/38138
http://secunia.com/advisories/27756
http://secunia.com/advisories/33263
http://www.debian.org/security/2008/dsa-1693
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.securityfocus.com/bid/24115
https://exchange.xforce.ibmcloud.com/vulnerabilities/34456
Published: 2007-05-25