CVE-2007-5589

2007-10-1923:17:00

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, © display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 4:2.11.1.2-1phpmyadmin_4:2.11.1.2-1_all.deb
Debian11allphpmyadmin< 4:2.11.1.2-1phpmyadmin_4:2.11.1.2-1_all.deb
Debian999allphpmyadmin< 4:2.11.1.2-1phpmyadmin_4:2.11.1.2-1_all.deb
Debian13allphpmyadmin< 4:2.11.1.2-1phpmyadmin_4:2.11.1.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 4:2.11.1.2-1	phpmyadmin_4:2.11.1.2-1_all.deb
Debian	11	all	phpmyadmin	< 4:2.11.1.2-1	phpmyadmin_4:2.11.1.2-1_all.deb
Debian	999	all	phpmyadmin	< 4:2.11.1.2-1	phpmyadmin_4:2.11.1.2-1_all.deb
Debian	13	all	phpmyadmin	< 4:2.11.1.2-1	phpmyadmin_4:2.11.1.2-1_all.deb