CVE-2007-5589

Publication date 19 October 2007

Last updated 24 July 2024

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
phpmyadmin	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 4:2.10.3-1ubuntu0.1
	7.04 feisty	Fixed 4:2.9.1.1-2ubuntu1.1
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

CVE-2007-5589

Status

Notes

wgrant

References

Other references