Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5728 — Cross-site Scripting in Phppgadmin

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

OSV9.3

EPSS

0.5%

top 33.04%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phppgadmin Project Phppgadmin Debian Phppgadmin Phppgadmin

Timeline

PublishedOct 30

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phppgadmin< phppgadmin 4.1.3-0.1 (forky)

▶Debianphppgadmin_project/phppgadmin< 4.1.3-0.1+1

▶NVDphppgadmin/phppgadmin4 versions+3

🔴Vulnerability Details

GHSA

GHSA-jfpr-w2hm-9rpw: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3↗2022-05-01

▶

OSV

CVE-2007-5728: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3↗2007-10-30

▶

💥Exploits & PoCs

Exploit-DB

phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting↗2007-05-25

▶

Nuclei

phpPgAdmin <=4.1.1 - Cross-Site Scripting

▶

📋Vendor Advisories

Debian

CVE-2007-5728: phppgadmin - Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibl...↗2007

▶