Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2865 — Cross-site Scripting in Phppgadmin

CWE-79 — Cross-site Scripting10 documents6 sources

Severity

9.3CRITICALNVD

NVD4.3

EPSS

4.3%

top 11.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phppgadmin Project Phppgadmin Debian Phppgadmin Phppgadmin

Timeline

PublishedMay 25

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/phppgadmin< phppgadmin 4.1.3-0.1 (forky)+1

▶Debianphppgadmin_project/phppgadmin< 4.1.2-1+3

▶NVDphppgadmin/phppgadmin4 versions+3

🔴Vulnerability Details

GHSA

GHSA-jfpr-w2hm-9rpw: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3↗2022-05-01

▶

GHSA

GHSA-97v5-8m6g-4h8j: Cross-site scripting (XSS) vulnerability in sqledit↗2022-05-01

▶

OSV

CVE-2007-5728: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3↗2007-10-30

▶

OSV

CVE-2007-2865: Cross-site scripting (XSS) vulnerability in sqledit↗2007-05-25

▶

💥Exploits & PoCs

Exploit-DB

phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting↗2007-05-23

▶

📋Vendor Advisories

Debian

CVE-2007-5728: phppgadmin - Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibl...↗2007

▶

Debian

CVE-2007-2865: phppgadmin - Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allo...↗2007

▶

💬Community

Bugzilla

CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability↗2007-05-26

▶