Lucene search

MitreCVE-2007-1395

HistoryMar 10, 2007 - 10:19 p.m.

CVE-2007-1395

2007-03-1022:19:00

mitre

web.nvd.nist.gov

cve

2007

1395

incomplete

blacklist

vulnerability

xss

phpmyadmin

index.php

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.08

Percentile

94.3%

JSON

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.8.0

phpmyadminphpmyadminMatch2.8.0.1

phpmyadminphpmyadminMatch2.8.0.2

phpmyadminphpmyadminMatch2.8.0.3

phpmyadminphpmyadminMatch2.8.1

phpmyadminphpmyadminMatch2.8.1_dev

phpmyadminphpmyadminMatch2.8.2

phpmyadminphpmyadminMatch2.8.3

phpmyadminphpmyadminMatch2.8.4

phpmyadminphpmyadminMatch2.9

phpmyadminphpmyadminMatch2.9.0

phpmyadminphpmyadminMatch2.9.0.1

phpmyadminphpmyadminMatch2.9.0.2

phpmyadminphpmyadminMatch2.9.0.3

phpmyadminphpmyadminMatch2.9.0_beta1

phpmyadminphpmyadminMatch2.9.0_dev

phpmyadminphpmyadminMatch2.9.0_rc1

phpmyadminphpmyadminMatch2.9.1

phpmyadminphpmyadminMatch2.9.1.1

phpmyadminphpmyadminMatch2.9.1_rc1

phpmyadminphpmyadminMatch2.9.1_rc2

phpmyadminphpmyadminMatch2.9.2

VendorProductVersionCPE
phpmyadminphpmyadmin2.8.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.0.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.0.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.0.3cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.1_devcpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.3cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.8.4cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.9cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.8.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0:::::::*
phpmyadmin	phpmyadmin	2.8.0.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1:::::::*
phpmyadmin	phpmyadmin	2.8.0.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2:::::::*
phpmyadmin	phpmyadmin	2.8.0.3	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:::::::*
phpmyadmin	phpmyadmin	2.8.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1:::::::*
phpmyadmin	phpmyadmin	2.8.1_dev	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev:::::::*
phpmyadmin	phpmyadmin	2.8.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.2:::::::*
phpmyadmin	phpmyadmin	2.8.3	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3:::::::*
phpmyadmin	phpmyadmin	2.8.4	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:::::::*
phpmyadmin	phpmyadmin	2.9	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:::::::*