Description

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

Remediation

References

CVE-2007-5386

Related Vulnerabilities

e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16388)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0018)

WordPress Plugin CYSTEME Finder, the admin files explorer Cross-Site Request Forgery (1.4)

WordPress Plugin Events Made Easy PHP Object Injection (2.0.52)

WordPress Plugin Responsive Media Gallery for WordPress-Everest Gallery Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Severity

Medium

Classification

CVE-2007-5386 CWE-707

Tags

Missing Update Known Vulnerabilities