CVE-2007-4306
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin 2.10.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros 1) unlim_num_rows, (2) sql_query, o (3) pos de (a) tbl_export.php; los parámetros (4) session_max_rows or (5) pos parameter de (b) sql.php; el parámetro (6) username de (c) server_privileges.php; o el parámetro (7) sql_query de (d) main.php. NOTA: el vector 5 podría ser una regresión o solución incompleta para CVE-2006-6942.7.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-08-13 CVE Reserved
- 2007-08-13 CVE Published
- 2024-06-16 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://pridels-team.blogspot.com/2007/08/phpmyadmin-multiple-xss-vuln.html | X_refsource_misc | |
| http://www.securityfocus.com/bid/25268 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 | 2008-09-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 2.10.3 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.3" | - |
Affected
| ||||||