CVE-2007-5976 — SQL Injection in Phpmyadmin

CWE-89 — SQL Injection6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.3%

top 19.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedNov 15

Latest updateMay 1

Description

SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.11.2.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.11.2.1-1+3

▶NVDphpmyadmin/phpmyadmin2.11.2

Patches

Patch: secunia.com ↗Patch: sourceforge.net ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jmv-pqcg-4h64: SQL injection vulnerability in db_create↗2022-05-01

▶

OSV

CVE-2007-5976: SQL injection vulnerability in db_create↗2007-11-15

▶

📋Vendor Advisories

Debian

CVE-2007-5976: phpmyadmin - SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allow...↗2007

▶

Red Hat

db_create SQL Injection↗

▶

💬Community

Bugzilla

CVE-2007-5976 db_create SQL Injection↗2007-11-15

▶