CVE-2007-5386
published 2007-10-12CVE-2007-5386: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.33%
87.1th percentile
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:2.11.1.2-1 (bookworm) | phpmyadmin 4:2.11.1.2-1 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vcvq-3f23-fr47: Cross-site scripting (XSS) vulnerability in scripts/setup
ghsa_unreviewed·2022-05-01
CVE-2007-5386 [MEDIUM] CWE-79 GHSA-vcvq-3f23-fr47: Cross-site scripting (XSS) vulnerability in scripts/setup
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
OSV
CVE-2007-5386: Cross-site scripting (XSS) vulnerability in scripts/setup
osv·2007-10-12·CVSS 4.3
CVE-2007-5386 [MEDIUM] CVE-2007-5386: Cross-site scripting (XSS) vulnerability in scripts/setup
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
Debian
CVE-2007-5386: phpmyadmin - Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11...
vendor_debian·2007·CVSS 4.3
CVE-2007-5386 [MEDIUM] CVE-2007-5386: phpmyadmin - Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11...
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
Scope: local
bookworm: resolved (fixed in 4:2.11.1.2-1)
bullseye: resolved (fixed in 4:2.11.1.2-1)
forky: resolved (fixed in 4:2.11.1.2-1)
sid: resolved (fixed in 4:2.11.1.2-1)
trixie: resolved (fixed in 4:2.11.1.2-1)
No detection rules found.
http://osvdb.org/37678http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=loghttp://secunia.com/advisories/27173http://secunia.com/advisories/27506http://secunia.com/advisories/27595http://www.debian.org/security/2007/dsa-1403http://www.digitrustgroup.com/advisories/TDG-advisory071009ahttp://www.mandriva.com/security/advisories?name=MDKSA-2007:199http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5http://www.securityfocus.com/archive/1/482339/100/0/threadedhttp://www.securityfocus.com/bid/26020http://www.vupen.com/english/advisories/2007/3469https://bugzilla.redhat.com/show_bug.cgi?id=333661https://exchange.xforce.ibmcloud.com/vulnerabilities/37077https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.htmlhttp://osvdb.org/37678http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=loghttp://secunia.com/advisories/27173http://secunia.com/advisories/27506http://secunia.com/advisories/27595http://www.debian.org/security/2007/dsa-1403http://www.digitrustgroup.com/advisories/TDG-advisory071009ahttp://www.mandriva.com/security/advisories?name=MDKSA-2007:199http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5http://www.securityfocus.com/archive/1/482339/100/0/threadedhttp://www.securityfocus.com/bid/26020http://www.vupen.com/english/advisories/2007/3469https://bugzilla.redhat.com/show_bug.cgi?id=333661https://exchange.xforce.ibmcloud.com/vulnerabilities/37077https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html
2007-10-12
Published