CVE-2007-1395

EPSS 2.4%

發布日:2007/3/10修改日:2026/5/7

也稱為:DEBIAN-CVE-2007-1395

描述

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

受影響套件(1)

Debian/phpmyadminfrom 0, < 4:2.10.0.2-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1395