CVE-2007-5386 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5386
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5386

Description: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/37077 SAID Secunia Advisory: SA27173 Secunia Advisory: SA27506 Secunia Advisory: SA27595 OSVDB 37678 MISC http://www.digitrustgroup.com/advisories/TDG-advisory071009a MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1403 CONFIRM http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/482339/100/0/threaded BID 26020

Return to the previous page.