WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5977)

Description

Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.

Remediation

References

Related Vulnerabilities

MySQL CVE-2016-0663 Vulnerability (CVE-2016-0663)

WordPress Plugin Cookie Notice & Compliance for GDPR/CCPA Cross-Site Scripting (2.1.1)

Moodle DEPRECATED: Code Vulnerability (CVE-2015-2270)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25602)

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-12461)

Severity

Low

Classification

CVE-2007-5977 CWE-707

Tags

Missing Update Known Vulnerabilities