CVE-2007-5589 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmyadmin	Phpmyadmin

Configuration 1 [-]

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
http://osvdb.org/37939
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796
http://secunia.com/advisories/27246
http://secunia.com/advisories/27506
http://secunia.com/advisories/27595
http://secunia.com/advisories/29323
http://www.debian.org/security/2007/dsa-1403
http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
http://www.securityfocus.com/bid/26301
http://www.vupen.com/english/advisories/2007/3535
https://bugzilla.redhat.com/show_bug.cgi?id=333661
https://exchange.xforce.ibmcloud.com/vulnerabilities/37292
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-19T23:00:00

Updated: 2024-08-07T15:39:13.231Z

Reserved: 2007-10-19T00:00:00

Link: CVE-2007-5589

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-19T23:17:00.000

Modified: 2024-11-21T00:38:15.740

Link: CVE-2007-5589

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-3535", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3535"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796"}, {"name": "27246", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27246"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796"}, {"name": "FEDORA-2007-2738", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"name": "phpmyadmin-serverstatus-xss(37292)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37292"}, {"name": "27506", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27506"}, {"name": "26301", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26301"}, {"name": "DSA-1403", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1403"}, {"name": "SUSE-SR:2008:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "37939", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37939"}, {"name": "MDKSA-2007:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"name": "27595", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27595"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"name": "29323", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29323"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5589", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3535", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3535"}, {"name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796", "refsource": "CONFIRM", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796"}, {"name": "27246", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27246"}, {"name": "http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html", "refsource": "MISC", "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html"}, {"name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6", "refsource": "CONFIRM", "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6"}, {"name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796", "refsource": "CONFIRM", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796"}, {"name": "FEDORA-2007-2738", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"name": "phpmyadmin-serverstatus-xss(37292)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37292"}, {"name": "27506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27506"}, {"name": "26301", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26301"}, {"name": "DSA-1403", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1403"}, {"name": "SUSE-SR:2008:006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "37939", "refsource": "OSVDB", "url": "http://osvdb.org/37939"}, {"name": "MDKSA-2007:199", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"name": "27595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27595"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=333661", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"name": "29323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29323"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.231Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-3535", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3535"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796"}, {"name": "27246", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27246"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796"}, {"name": "FEDORA-2007-2738", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"name": "phpmyadmin-serverstatus-xss(37292)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37292"}, {"name": "27506", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27506"}, {"name": "26301", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26301"}, {"name": "DSA-1403", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1403"}, {"name": "SUSE-SR:2008:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "37939", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37939"}, {"name": "MDKSA-2007:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"name": "27595", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27595"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"name": "29323", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29323"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5589", "datePublished": "2007-10-19T23:00:00", "dateReserved": "2007-10-19T00:00:00", "dateUpdated": "2024-08-07T15:39:13.231Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C3099C-F649-4043-8BE8-7B881A8CD665", "versionEndIncluding": "2.11.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en phpMyAdmin versiones anteriores a 2.11.1.2, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de cierta entrada disponible en (1) PHP_SELF en (a) el archivo server_status.php, y las bibliotecas (b) grab_globals.lib.php, (c) display_change_password.lib.php y (d) common.lib.php en libraries/; y ciertas entradas disponibles en PHP_SELF y (2) PATH_INFO en la biblioteca libraries/common.inc.php. NOTA: tambi\u00e9n puede haber otros vectores relacionados con (3) REQUEST_URI."}], "id": "CVE-2007-5589", "lastModified": "2024-11-21T00:38:15.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-19T23:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37939"}, {"source": "cve@mitre.org", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796"}, {"source": "cve@mitre.org", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27246"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27506"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27595"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29323"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1403"}, {"source": "cve@mitre.org", "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"source": "cve@mitre.org", "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26301"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3535"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37292"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27246"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}