Description

SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.

Remediation

References

CVE-2007-5976

Related Vulnerabilities

WordPress Plugin ImageDrop 'ImageDrop.php' Blind SQL Injection (1.1.2)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-23163)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099)

WordPress Directory Traversal (3.7 - 5.0.3)

WordPress Plugin Event Registration 'event_id' Parameter SQL Injection (5.44)

Severity

Medium

Classification

CVE-2007-5976 CWE-138

Tags

Missing Update Known Vulnerabilities