Vulnerability Name: CVE-2007-5589 (CCN-37292)
Assigned: 2007-10-17
Published: 2007-10-17
Updated: 2017-08-17
Summary: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. Note: there might also be other vectors related to (3) REQUEST_URI.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2007-5589
  Source: SUSE Type: UNKNOWN SUSE-SR:2008:006
  Source: OSVDB Type: UNKNOWN 37939
  Source: CONFIRM Type: UNKNOWN http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796
  Source: CONFIRM Type: UNKNOWN http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796
  Source: CCN Type: SA27246 phpMyAdmin "server_status.php" Cross-Site Scripting
  Source: SECUNIA Type: Vendor Advisory 27246
  Source: SECUNIA Type: UNKNOWN 27506
  Source: SECUNIA Type: UNKNOWN 27595
  Source: SECUNIA Type: UNKNOWN 29323
  Source: DEBIAN Type: UNKNOWN DSA-1403
  Source: DEBIAN Type: DSA-1403 phpmyadmin -- missing input sanitising
  Source: CCN Type: The DigiTrust Group Web site The DigiTrust Group Advisory #071015a: phpMyAdmin
  Source: MISC Type: UNKNOWN http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
  Source: MANDRIVA Type: UNKNOWN MDKSA-2007:199
  Source: CCN Type: OSVDB ID: 37939 phpMyAdmin server_status.php URL XSS
  Source: CCN Type: phpMyAdmin security announcement PMASA-2007-6 XSS vulnerabilities
  Source: CONFIRM Type: UNKNOWN http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
  Source: BID Type: UNKNOWN 26301
  Source: CCN Type: BID-26301 phpMyAdmin Server_Status.PHP Cross-Site Scripting Vulnerability
  Source: VUPEN Type: UNKNOWN ADV-2007-3535
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=333661
  Source: XF Type: UNKNOWN phpmyadmin-serverstatus-xss(37292)
  Source: FEDORA Type: UNKNOWN FEDORA-2007-2738
  Source: SUSE Type: SUSE-SR:2008:006 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration CCN 1: