Search criteria
21 vulnerabilities found for phppgadmin by phppgadmin
CVE-2021-47853 (GCVE-0-2021-47853)
Vulnerability from nvd ā Published: 2026-01-21 17:27 ā Updated: 2026-01-22 15:15
VLAI?
Title
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution
Summary
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating system commands with the application's privileges.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phppgadmin | phpPgAdmin |
Affected:
7.13.0
|
Credits
Valerio Severini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:15:09.467591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:15:17.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpPgAdmin",
"vendor": "phppgadmin",
"versions": [
{
"status": "affected",
"version": "7.13.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valerio Severini"
}
],
"descriptions": [
{
"lang": "en",
"value": "phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating system commands with the application\u0027s privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:27:37.681Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49736",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49736"
},
{
"name": "phpPgAdmin Official Release Page",
"tags": [
"product"
],
"url": "https://github.com/phppgadmin/phppgadmin/releases"
},
{
"name": "VulnCheck Advisory: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/phppgadmin-copy-from-program-command-execution"
}
],
"title": "phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47853",
"datePublished": "2026-01-21T17:27:37.681Z",
"dateReserved": "2026-01-14T17:11:19.903Z",
"dateUpdated": "2026-01-22T15:15:17.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-3598 (GCVE-0-2011-3598)
Vulnerability from nvd ā Published: 2011-10-08 01:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-13805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
},
{
"name": "46426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46426"
},
{
"name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
},
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
},
{
"name": "46248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46248"
},
{
"name": "75998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75998"
},
{
"name": "FEDORA-2011-13801",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
},
{
"name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
},
{
"name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
},
{
"name": "49914",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
},
{
"name": "75997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75997"
},
{
"name": "FEDORA-2011-13748",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T23:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-13805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
},
{
"name": "46426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46426"
},
{
"name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
},
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
},
{
"name": "46248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46248"
},
{
"name": "75998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75998"
},
{
"name": "FEDORA-2011-13801",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
},
{
"name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
},
{
"name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
},
{
"name": "49914",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
},
{
"name": "75997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75997"
},
{
"name": "FEDORA-2011-13748",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3598",
"datePublished": "2011-10-08T01:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5587 (GCVE-0-2008-5587)
Vulnerability from nvd ā Published: 2008-12-16 18:00 ā Updated: 2024-08-07 10:56
VLAI?
Summary
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "phppgadmin-index-file-include(47140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"name": "7363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"name": "33014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33014"
},
{
"name": "32670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32670"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "phppgadmin-index-file-include(47140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"name": "7363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"name": "33014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33014"
},
{
"name": "32670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32670"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "phppgadmin-index-file-include(47140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"name": "7363",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"name": "33014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33014"
},
{
"name": "32670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32670"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5587",
"datePublished": "2008-12-16T18:00:00",
"dateReserved": "2008-12-16T00:00:00",
"dateUpdated": "2024-08-07T10:56:47.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5728 (GCVE-0-2007-5728)
Vulnerability from nvd ā Published: 2007-10-30 21:00 ā Updated: 2024-08-07 15:39
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36699"
},
{
"name": "20070527 phpPgAdmin Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"name": "25446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25446"
},
{
"name": "24182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24182"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "phppgadmin-redirect-xss(34550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36699"
},
{
"name": "20070527 phpPgAdmin Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"name": "25446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25446"
},
{
"name": "24182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24182"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "phppgadmin-redirect-xss(34550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "36699",
"refsource": "OSVDB",
"url": "http://osvdb.org/36699"
},
{
"name": "20070527 phpPgAdmin Multiple XSS Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"name": "25446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25446"
},
{
"name": "24182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24182"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "phppgadmin-redirect-xss(34550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5728",
"datePublished": "2007-10-30T21:00:00",
"dateReserved": "2007-10-30T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2865 (GCVE-0-2007-2865)
Vulnerability from nvd ā Published: 2007-05-25 18:00 ā Updated: 2024-08-07 13:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"refsource": "OSVDB",
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2865",
"datePublished": "2007-05-25T18:00:00",
"dateReserved": "2007-05-25T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2256 (GCVE-0-2005-2256)
Vulnerability from nvd ā Published: 2005-07-13 04:00 ā Updated: 2024-08-07 22:22
VLAI?
Summary
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-759",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-759",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15941"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-759",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"refsource": "MLIST",
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"name": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html",
"refsource": "MISC",
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16116"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=342261",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15941"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2256",
"datePublished": "2005-07-13T04:00:00",
"dateReserved": "2005-07-13T00:00:00",
"dateUpdated": "2024-08-07T22:22:47.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0479 (GCVE-0-2001-0479)
Vulnerability from nvd ā Published: 2001-05-24 04:00 ā Updated: 2024-08-08 04:21
VLAI?
Summary
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"name": "2640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2640"
},
{
"name": "20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-05-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"name": "2640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2640"
},
{
"name": "20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13",
"refsource": "CONFIRM",
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"name": "2640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2640"
},
{
"name": "20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0479",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47853 (GCVE-0-2021-47853)
Vulnerability from cvelistv5 ā Published: 2026-01-21 17:27 ā Updated: 2026-01-22 15:15
VLAI?
Title
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution
Summary
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating system commands with the application's privileges.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phppgadmin | phpPgAdmin |
Affected:
7.13.0
|
Credits
Valerio Severini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:15:09.467591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:15:17.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "phpPgAdmin",
"vendor": "phppgadmin",
"versions": [
{
"status": "affected",
"version": "7.13.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Valerio Severini"
}
],
"descriptions": [
{
"lang": "en",
"value": "phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating system commands with the application\u0027s privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:27:37.681Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49736",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49736"
},
{
"name": "phpPgAdmin Official Release Page",
"tags": [
"product"
],
"url": "https://github.com/phppgadmin/phppgadmin/releases"
},
{
"name": "VulnCheck Advisory: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/phppgadmin-copy-from-program-command-execution"
}
],
"title": "phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47853",
"datePublished": "2026-01-21T17:27:37.681Z",
"dateReserved": "2026-01-14T17:11:19.903Z",
"dateUpdated": "2026-01-22T15:15:17.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-3598 (GCVE-0-2011-3598)
Vulnerability from cvelistv5 ā Published: 2011-10-08 01:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-13805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
},
{
"name": "46426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46426"
},
{
"name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
},
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
},
{
"name": "46248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46248"
},
{
"name": "75998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75998"
},
{
"name": "FEDORA-2011-13801",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
},
{
"name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
},
{
"name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
},
{
"name": "49914",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
},
{
"name": "75997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75997"
},
{
"name": "FEDORA-2011-13748",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T23:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-13805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
},
{
"name": "46426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46426"
},
{
"name": "[phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
},
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
},
{
"name": "46248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46248"
},
{
"name": "75998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75998"
},
{
"name": "FEDORA-2011-13801",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
},
{
"name": "[oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
},
{
"name": "[oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
},
{
"name": "49914",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
},
{
"name": "75997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75997"
},
{
"name": "FEDORA-2011-13748",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3598",
"datePublished": "2011-10-08T01:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5587 (GCVE-0-2008-5587)
Vulnerability from cvelistv5 ā Published: 2008-12-16 18:00 ā Updated: 2024-08-07 10:56
VLAI?
Summary
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "phppgadmin-index-file-include(47140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"name": "7363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"name": "33014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33014"
},
{
"name": "32670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32670"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "phppgadmin-index-file-include(47140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"name": "7363",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"name": "33014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33014"
},
{
"name": "32670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32670"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "phppgadmin-index-file-include(47140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"name": "7363",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"name": "33014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33014"
},
{
"name": "32670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32670"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5587",
"datePublished": "2008-12-16T18:00:00",
"dateReserved": "2008-12-16T00:00:00",
"dateUpdated": "2024-08-07T10:56:47.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5728 (GCVE-0-2007-5728)
Vulnerability from cvelistv5 ā Published: 2007-10-30 21:00 ā Updated: 2024-08-07 15:39
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36699"
},
{
"name": "20070527 phpPgAdmin Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"name": "25446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25446"
},
{
"name": "24182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24182"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "phppgadmin-redirect-xss(34550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36699"
},
{
"name": "20070527 phpPgAdmin Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"name": "25446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25446"
},
{
"name": "24182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24182"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "phppgadmin-redirect-xss(34550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "36699",
"refsource": "OSVDB",
"url": "http://osvdb.org/36699"
},
{
"name": "20070527 phpPgAdmin Multiple XSS Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"name": "25446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25446"
},
{
"name": "24182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24182"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "phppgadmin-redirect-xss(34550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5728",
"datePublished": "2007-10-30T21:00:00",
"dateReserved": "2007-10-30T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2865 (GCVE-0-2007-2865)
Vulnerability from cvelistv5 ā Published: 2007-05-25 18:00 ā Updated: 2024-08-07 13:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"refsource": "OSVDB",
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2865",
"datePublished": "2007-05-25T18:00:00",
"dateReserved": "2007-05-25T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2256 (GCVE-0-2005-2256)
Vulnerability from cvelistv5 ā Published: 2005-07-13 04:00 ā Updated: 2024-08-07 22:22
VLAI?
Summary
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-759",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-759",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15941"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-759",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"name": "[Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!",
"refsource": "MLIST",
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"name": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html",
"refsource": "MISC",
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"name": "14142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14142"
},
{
"name": "1014414",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014414"
},
{
"name": "16116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16116"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=342261",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"name": "15941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15941"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2256",
"datePublished": "2005-07-13T04:00:00",
"dateReserved": "2005-07-13T00:00:00",
"dateUpdated": "2024-08-07T22:22:47.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0479 (GCVE-0-2001-0479)
Vulnerability from cvelistv5 ā Published: 2001-05-24 04:00 ā Updated: 2024-08-08 04:21
VLAI?
Summary
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"name": "2640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2640"
},
{
"name": "20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-05-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"name": "2640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2640"
},
{
"name": "20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13",
"refsource": "CONFIRM",
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"name": "2640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2640"
},
{
"name": "20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0479",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-200705-0086
Vulnerability from variot - Updated: 2023-12-18 13:58Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200705-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(3\\)sr1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.2\\(3\\)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3\\(1\\)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(2\\)es33"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(3\\)sr3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.2\\(3\\)sr1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(2\\)es55"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(3\\)es07"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(3\\)sr2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(3\\)es32"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(4\\)es25"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(3\\)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(5\\)es30"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(5\\)sr1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(3\\)es61"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(5\\)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(5\\)sr2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "before 4.1(3)sr5"
},
{
"model": "call manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "call manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(1)sr1"
},
{
"model": "call manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2(3)sr2"
},
{
"model": "phppgadmin",
"scope": "eq",
"trust": 0.3,
"vendor": "phppgadmin",
"version": "4.1.1"
},
{
"model": "unified callmanager 4.1 sr5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager 4.1 sr4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "unified communications manager 4.2 sr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager 4.3 sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager 3.3 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "24119"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(4\\)es25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)es07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)es32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)es30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(3\\)es61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(2\\)es33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(2\\)es55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2832"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef and Stefan Friedli are credited with discovering this vulnerability.",
"sources": [
{
"db": "BID",
"id": "24119"
}
],
"trust": 0.3
},
"cve": "CVE-2007-2832",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-2832",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-26194",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-2832",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200705-460",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26194",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26194"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. \nExploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. \nCisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"db": "BID",
"id": "24119"
},
{
"db": "VULHUB",
"id": "VHN-26194"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-26194",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26194"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-2832",
"trust": 2.8
},
{
"db": "BID",
"id": "24119",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1018105",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-1922",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25377",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "35337",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067",
"trust": 0.8
},
{
"db": "XF",
"id": "34465",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070523 CISCO CALLMANAGER 4.1 INPUT VALIDATION VULNERABILITY",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20070523 CISCO CALLMANAGER INPUT VALIDATION VULNERABILITY",
"trust": 0.6
},
{
"db": "MISC",
"id": "HTTP://WWW.SCIP.CH/CGI-BIN/SMSS/SHOWADVF.PL?ID=2977",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200705-460",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83536",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "30077",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-26194",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26194"
},
{
"db": "BID",
"id": "24119"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"id": "VAR-200705-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26194"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:58:20.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Document ID: 604",
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/csr/cisco-sr-20070523-ccm.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2832"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24119"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/products/products_security_response09186a0080849272.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/35337"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018105"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25377"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=full-disclosure\u0026m=117993122727006\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/1922"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34465"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2832"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2832"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/1922"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34465"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/cc/pd/nemnsw/callmn/index.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/469349"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20070523-ccm.shtml"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=full-disclosure\u0026amp;m=117993122727006\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26194"
},
{
"db": "BID",
"id": "24119"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26194"
},
{
"db": "BID",
"id": "24119"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-26194"
},
{
"date": "2007-05-23T00:00:00",
"db": "BID",
"id": "24119"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"date": "2007-05-24T02:30:00",
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"date": "2007-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-26194"
},
{
"date": "2015-05-07T17:37:00",
"db": "BID",
"id": "24119"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002067"
},
{
"date": "2017-07-29T01:31:45.987000",
"db": "NVD",
"id": "CVE-2007-2832"
},
{
"date": "2007-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CallManager of Web Application firewall cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200705-460"
}
],
"trust": 0.6
}
}
FKIE_CVE-2011-3598
Vulnerability from fkie_nvd - Published: 2011-10-08 02:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://freshmeat.net/projects/phppgadmin/releases/336969 | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html | ||
| secalert@redhat.com | http://osvdb.org/75997 | ||
| secalert@redhat.com | http://osvdb.org/75998 | ||
| secalert@redhat.com | http://secunia.com/advisories/46248 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/46426 | ||
| secalert@redhat.com | http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news | Patch | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/10/04/1 | Patch | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/10/04/10 | Patch | |
| secalert@redhat.com | http://www.securityfocus.com/bid/49914 | ||
| secalert@redhat.com | https://bugs.gentoo.org/show_bug.cgi?id=385505 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=743205 | Patch | |
| secalert@redhat.com | https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://freshmeat.net/projects/phppgadmin/releases/336969 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/75997 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/75998 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46248 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46426 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/10/04/1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/10/04/10 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49914 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=385505 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=743205 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phppgadmin | phppgadmin | * | |
| phppgadmin | phppgadmin | 2.2 | |
| phppgadmin | phppgadmin | 2.2.1 | |
| phppgadmin | phppgadmin | 3.1 | |
| phppgadmin | phppgadmin | 3.2 | |
| phppgadmin | phppgadmin | 3.3 | |
| phppgadmin | phppgadmin | 3.4 | |
| phppgadmin | phppgadmin | 3.4.1 | |
| phppgadmin | phppgadmin | 3.5 | |
| phppgadmin | phppgadmin | 3.5.2 | |
| phppgadmin | phppgadmin | 3.5.3 | |
| phppgadmin | phppgadmin | 4.1.1 | |
| phppgadmin | phppgadmin | 4.2.1 | |
| phppgadmin | phppgadmin | 4.2.2 | |
| phppgadmin | phppgadmin | 4.2.3 | |
| phppgadmin | phppgadmin | 5.0.0 | |
| phppgadmin | phppgadmin | 5.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7A7773-6590-4486-A2F1-5B4D699FE779",
"versionEndIncluding": "5.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B268F49-4F3A-4D05-8079-05EB75E1AE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2CCA02-7AE3-4CF8-A514-ABCC16CDF435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23D4530-0B63-459C-B7F2-84F5866CCA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47A293B3-3E81-4B7E-8D24-EC1B57C2CD83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1893B7A4-D303-4DA7-B3C5-264413A5D473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "974D3D46-7DEB-45E5-B615-D95C2355F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A913E0DA-8076-4850-B218-F65C8A86F370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81B74FF6-8280-4A14-B988-F58FB7915232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A673AB66-EE9C-4873-873B-72FA25F3ADB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45DAC8C2-1469-41EA-B155-A9F24A46DD56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA8E6BB-8BEB-4FDF-8935-EACED78E7EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD7FEB-B23E-43BE-8682-AD70C4D7BE28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D79FAC8-65ED-461C-9FFF-5010D8BAC6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7330FE3A-45FF-49D4-A6A6-4305A112E1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D802197-3B55-478E-8DB9-7ADAD09A9060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD50410-0906-4FE6-9BB2-5757874E5381",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en phpPgAdmin anteriores a v5.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) t\u00edtulo de la p\u00e1gina web,relativo a classes/Misc.php; o el par\u00e1metro (2) return_url o (3) return_desc sobredisplay.php."
}
],
"id": "CVE-2011-3598",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-08T02:52:52.473",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/75997"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/75998"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46248"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/46426"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/49914"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://freshmeat.net/projects/phppgadmin/releases/336969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/75997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/75998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr\u0026forum_name=phppgadmin-news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/04/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=385505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5587
Vulnerability from fkie_nvd - Published: 2008-12-16 19:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html | ||
| cve@mitre.org | http://secunia.com/advisories/33014 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/33263 | ||
| cve@mitre.org | http://securityreason.com/securityalert/4737 | ||
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1693 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/32670 | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/47140 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/7363 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33014 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33263 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4737 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1693 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32670 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/47140 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/7363 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phppgadmin | phppgadmin | * | |
| phppgadmin | phppgadmin | 2.2 | |
| phppgadmin | phppgadmin | 2.2.1 | |
| phppgadmin | phppgadmin | 3.1 | |
| phppgadmin | phppgadmin | 3.4.1 | |
| phppgadmin | phppgadmin | 3.5 | |
| phppgadmin | phppgadmin | 3.5.2 | |
| phppgadmin | phppgadmin | 3.5.3 | |
| phppgadmin | phppgadmin | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "949313AE-AAA2-47DC-89AF-F1B25AAB620C",
"versionEndIncluding": "4.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B268F49-4F3A-4D05-8079-05EB75E1AE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2CCA02-7AE3-4CF8-A514-ABCC16CDF435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23D4530-0B63-459C-B7F2-84F5866CCA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A913E0DA-8076-4850-B218-F65C8A86F370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81B74FF6-8280-4A14-B988-F58FB7915232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A673AB66-EE9C-4873-873B-72FA25F3ADB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45DAC8C2-1469-41EA-B155-A9F24A46DD56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA8E6BB-8BEB-4FDF-8935-EACED78E7EA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en libraries/lib.inc.php en phpPgAdmin v4.2.1 y versiones anteriores, cuando register_globals est\u00e1 activo, permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro \"_language\" de index.php."
}
],
"id": "CVE-2008-5587",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-16T19:07:31.843",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33014"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33263"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4737"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1693"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32670"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7363"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5728
Vulnerability from fkie_nvd - Published: 2007-10-30 21:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html | Exploit | |
| cve@mitre.org | http://osvdb.org/36699 | ||
| cve@mitre.org | http://secunia.com/advisories/25446 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27756 | ||
| cve@mitre.org | http://secunia.com/advisories/33263 | ||
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1693 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_24_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/24182 | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/36699 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25446 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33263 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1693 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_24_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24182 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34550 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phppgadmin | phppgadmin | 3.5 | |
| phppgadmin | phppgadmin | 3.5.2 | |
| phppgadmin | phppgadmin | 3.5.3 | |
| phppgadmin | phppgadmin | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81B74FF6-8280-4A14-B988-F58FB7915232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A673AB66-EE9C-4873-873B-72FA25F3ADB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45DAC8C2-1469-41EA-B155-A9F24A46DD56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA8E6BB-8BEB-4FDF-8935-EACED78E7EA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpPgAdmin 3.5 hasta 4.1.1, y posiblemente 4.1.2, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante determinadas entradas disponibles en PHP_SELF en (1) redirect.php, posiblemente referido a (2) login.php, vectores distintos de CVE-2007-2865."
}
],
"id": "CVE-2007-5728",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-30T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36699"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25446"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33263"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1693"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2865
Vulnerability from fkie_nvd - Published: 2007-05-25 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=full-disclosure&m=117987658110713&w=2 | ||
| cve@mitre.org | http://osvdb.org/38138 | ||
| cve@mitre.org | http://secunia.com/advisories/27756 | ||
| cve@mitre.org | http://secunia.com/advisories/33263 | ||
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1693 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_24_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/24115 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34456 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=117987658110713&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38138 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33263 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1693 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_24_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24115 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34456 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phppgadmin | phppgadmin | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA8E6BB-8BEB-4FDF-8935-EACED78E7EA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en qledit.php de phpPgAdmin 4.1.1 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro server."
}
],
"id": "CVE-2007-2865",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-25T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38138"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33263"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1693"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24115"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=117987658110713\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2256
Vulnerability from fkie_nvd - Published: 2005-07-13 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html | ||
| cve@mitre.org | http://secunia.com/advisories/15941 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/16116 | ||
| cve@mitre.org | http://securitytracker.com/id?1014414 | Exploit | |
| cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=342261 | ||
| cve@mitre.org | http://www.debian.org/security/2005/dsa-759 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/14142 | Exploit | |
| cve@mitre.org | http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15941 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16116 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014414 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=342261 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-759 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14142 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phppgadmin | phppgadmin | 3.1 | |
| phppgadmin | phppgadmin | 3.2 | |
| phppgadmin | phppgadmin | 3.3 | |
| phppgadmin | phppgadmin | 3.4 | |
| phppgadmin | phppgadmin | 3.4.1 | |
| phppgadmin | phppgadmin | 3.5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23D4530-0B63-459C-B7F2-84F5866CCA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47A293B3-3E81-4B7E-8D24-EC1B57C2CD83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1893B7A4-D303-4DA7-B3C5-264413A5D473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "974D3D46-7DEB-45E5-B615-D95C2355F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A913E0DA-8076-4850-B218-F65C8A86F370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45DAC8C2-1469-41EA-B155-A9F24A46DD56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de franqueo de directorioes en phpPgAdmin 3.1 hasta la 3.5.3 permite que atacantes remotos accedan a ficheros arbitrarios mediante secuencias \"%2e%2e%2f\" en el par\u00e1metro \"formLanguage\"."
}
],
"id": "CVE-2005-2256",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-13T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15941"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16116"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1014414"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14142"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1014414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=342261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-0479
Vulnerability from fkie_nvd - Published: 2001-06-27 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13 | URL Repurposed | |
| cve@mitre.org | http://www.securityfocus.com/bid/2640 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13 | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2640 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phppgadmin | phppgadmin | 2.2 | |
| phppgadmin | phppgadmin | 2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B268F49-4F3A-4D05-8079-05EB75E1AE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2CCA02-7AE3-4CF8-A514-ABCC16CDF435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script."
}
],
"id": "CVE-2001-0479",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}