CVE-2007-5589

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI.
Notes
 PMASA-2007-6
Assigned-to
fujitsu
Package
Upstream:released (2.11.1.2)
More Information

Updated: 2019-03-19 11:44:04 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)