CVE-2007-5728
Published: 2007-10-30
Priority: P4 24 · Severity: medium, 4.3 (CVSS 2.0) · Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: available
EPSS: 14.64% (96.2nd percentile)
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phppgadmin | < phppgadmin 4.1.3-0.1 (forky) | phppgadmin 4.1.3-0.1 (forky) |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin_project | phppgadmin | >= 0 < 4.1.3-0.1 | 4.1.3-0.1 |
| phppgadmin_project | phppgadmin | >= 0 < 4.1.3-0.1 | 4.1.3-0.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | LOW | — |
GHSA
GHSA-jfpr-w2hm-9rpw: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3
ghsa_unreviewed · 2022-05-01 · CVSS 9.3 (CRITICAL) · CWE-79
OSV
CVE-2007-5728: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3
osv · 2007-10-30 · CVSS 9.3 (CRITICAL)
Debian
CVE-2007-5728: phppgadmin - Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibl...
vendor_debian · 2007 · CVSS 9.3 (CRITICAL)
Scope: local
forky: resolved (fixed in 4.1.3-0.1)
sid: resolved (fixed in 4.1.3-0.1)
trixie: resolved (fixed in 4.1.3-0.1)
No detection rules found.
Exploit-DB
phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
exploitdb · 2007-05-25 · CVE-2007-5728
---
source: https://www.securityfocus.com/bid/24182/info
phpPgAdmin is prone to a cross-site scripting vulnerability.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
Nuclei
phpPgAdmin <=4.1.1 - Cross-Site Scripting
nuclei · CVSS 9.3 (CRITICAL) · CVE-2007-5728
Matcher fragment of the template as indexed (the line preceding the words list was tag-stripped on extraction and survives only as `phpPgAdmin alert(document.domain)'`):

```yaml
        # first word entry garbled on extraction: phpPgAdmin alert(document.domain)'
        - 'phpPgAdmin'
        condition: and
        case-insensitive: true
      - type: word
        part: header
        words:
          - "text/html"
      - type: status
        status:
          - 200
```
No writeups or analysis indexed.
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
- http://osvdb.org/36699
- http://secunia.com/advisories/25446
- http://secunia.com/advisories/27756
- http://secunia.com/advisories/33263
- http://www.debian.org/security/2008/dsa-1693
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.securityfocus.com/bid/24182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34550