CVE-2007-5386 - OpenCVE

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmyadmin	Phpmyadmin

Configuration 1 [-]

cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/37678
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log
http://secunia.com/advisories/27173
http://secunia.com/advisories/27506
http://secunia.com/advisories/27595
http://www.debian.org/security/2007/dsa-1403
http://www.digitrustgroup.com/advisories/TDG-advisory071009a
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5
http://www.securityfocus.com/archive/1/482339/100/0/threaded
http://www.securityfocus.com/bid/26020
http://www.vupen.com/english/advisories/2007/3469
https://bugzilla.redhat.com/show_bug.cgi?id=333661
https://exchange.xforce.ibmcloud.com/vulnerabilities/37077
https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-12T10:00:00

Updated: 2024-08-07T15:31:58.532Z

Reserved: 2007-10-11T00:00:00

Link: CVE-2007-5386

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-12T10:17:00.000

Modified: 2018-10-15T21:44:15.357

Link: CVE-2007-5386

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log"}, {"name": "27173", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27173"}, {"name": "FEDORA-2007-2738", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"name": "27506", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27506"}, {"name": "phpmyadmin-setup-xss(37077)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37077"}, {"name": "DSA-1403", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1403"}, {"name": "20071015 about phpMyAdmin setup.php XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482339/100/0/threaded"}, {"name": "37678", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37678"}, {"name": "MDKSA-2007:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"name": "27595", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27595"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071009a"}, {"name": "26020", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26020"}, {"name": "ADV-2007-3469", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3469"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log", "refsource": "CONFIRM", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log"}, {"name": "27173", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27173"}, {"name": "FEDORA-2007-2738", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"name": "27506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27506"}, {"name": "phpmyadmin-setup-xss(37077)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37077"}, {"name": "DSA-1403", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1403"}, {"name": "20071015 about phpMyAdmin setup.php XSS vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482339/100/0/threaded"}, {"name": "37678", "refsource": "OSVDB", "url": "http://osvdb.org/37678"}, {"name": "MDKSA-2007:199", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"name": "27595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27595"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=333661", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"name": "http://www.digitrustgroup.com/advisories/TDG-advisory071009a", "refsource": "MISC", "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071009a"}, {"name": "26020", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26020"}, {"name": "ADV-2007-3469", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3469"}, {"name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748", "refsource": "CONFIRM", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748"}, {"name": "https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408", "refsource": "CONFIRM", "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408"}, {"name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5", "refsource": "CONFIRM", "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:58.532Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log"}, {"name": "27173", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27173"}, {"name": "FEDORA-2007-2738", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}, {"name": "27506", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27506"}, {"name": "phpmyadmin-setup-xss(37077)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37077"}, {"name": "DSA-1403", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1403"}, {"name": "20071015 about phpMyAdmin setup.php XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482339/100/0/threaded"}, {"name": "37678", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37678"}, {"name": "MDKSA-2007:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"name": "27595", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27595"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071009a"}, {"name": "26020", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26020"}, {"name": "ADV-2007-3469", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3469"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5386", "datePublished": "2007-10-12T10:00:00", "dateReserved": "2007-10-11T00:00:00", "dateUpdated": "2024-08-07T15:31:58.532Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B9F52BC-AC6A-41BB-8276-6176FA068929", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo scripts/setup.php en phpMyAdmin versi\u00f3n 2.11.1, cuando es accedida mediante un navegador que no codifica las peticiones de URL, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de la cadena de consulta."}], "id": "CVE-2007-5386", "lastModified": "2018-10-15T21:44:15.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-12T10:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37678"}, {"source": "cve@mitre.org", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10748&r2=10747&pathrev=10748"}, {"source": "cve@mitre.org", "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/?view=log"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27173"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27506"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27595"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1403"}, {"source": "cve@mitre.org", "url": "http://www.digitrustgroup.com/advisories/TDG-advisory071009a"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"}, {"source": "cve@mitre.org", "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482339/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26020"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3469"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333661"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37077"}, {"source": "cve@mitre.org", "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1810629&group_id=23067&atid=377408"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}