FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- cross-site scripting vulnerability

Affected packages
phpMyAdmin <


VuXML ID 2d2dcbb4-906c-11dc-a951-0016179b2dd5
Discovery 2007-11-11
Entry 2007-11-11
Modified 2010-05-12

The DigiTrust Group reports:

When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since db_create.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when the database names are displayed.


CVE Name CVE-2007-5976
CVE Name CVE-2007-5977