CVE-2007-5589
published 2007-10-19CVE-2007-5589: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.33%
87.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:2.11.1.2-1 (bookworm) | phpmyadmin 4:2.11.1.2-1 (bookworm) |
| phpmyadmin | phpmyadmin | <= 2.11.1.1 | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.11.1.2-1 | 4:2.11.1.2-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2007-5589: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1....
vendor_debian·2007·CVSS 4.3
CVE-2007-5589 [MEDIUM] CVE-2007-5589: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1....
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
Scope: local
bookworm: resolved (fixed in 4:2.11.1.2-1)
bullseye: resolved (fixed in 4:2.11.1.2-1)
forky: resolved (fixed in 4:2.11.1.2-1)
sid: resolved (fixed in 4:2.11.1.2-1)
trixie: resolved (fixed in 4:2.11.1.2-1)
GHSA
GHSA-9cxr-7vrj-vpj8: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2
ghsa_unreviewed·2022-05-01
CVE-2007-5589 [MEDIUM] CWE-79 GHSA-9cxr-7vrj-vpj8: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
OSV
CVE-2007-5589: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2
osv·2007-10-19·CVSS 4.3
CVE-2007-5589 [MEDIUM] CVE-2007-5589: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
No detection rules found.
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://osvdb.org/37939http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796http://secunia.com/advisories/27246http://secunia.com/advisories/27506http://secunia.com/advisories/27595http://secunia.com/advisories/29323http://www.debian.org/security/2007/dsa-1403http://www.digitrustgroup.com/advisories/TDG-advisory071015a.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:199http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6http://www.securityfocus.com/bid/26301http://www.vupen.com/english/advisories/2007/3535https://bugzilla.redhat.com/show_bug.cgi?id=333661https://exchange.xforce.ibmcloud.com/vulnerabilities/37292https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://osvdb.org/37939http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796http://secunia.com/advisories/27246http://secunia.com/advisories/27506http://secunia.com/advisories/27595http://secunia.com/advisories/29323http://www.debian.org/security/2007/dsa-1403http://www.digitrustgroup.com/advisories/TDG-advisory071015a.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:199http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6http://www.securityfocus.com/bid/26301http://www.vupen.com/english/advisories/2007/3535https://bugzilla.redhat.com/show_bug.cgi?id=333661https://exchange.xforce.ibmcloud.com/vulnerabilities/37292https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html
2007-10-19
Published