DEBIAN-CVE-2007-4306

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2007-4306

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-4306.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2007-4306

Upstream

CVE-2007-4306

Published

2007-08-13T21:17:00Z

Modified

2025-11-20T10:09:56.038740Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlimnumrows, (2) sqlquery, or (3) pos parameter to (a) tblexport.php; the (4) sessionmaxrows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) serverprivileges.php; or the (7) sqlquery parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7.

References

https://security-tracker.debian.org/tracker/CVE-2007-4306

Affected packages

Debian:11 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:5.*

4:5.0.4+dfsg2-2

4:5.0.4+dfsg2-2+deb11u1

4:5.0.4+dfsg2-2+deb11u2

4:5.1.1+dfsg1-1

4:5.1.1+dfsg1-2

4:5.1.1+dfsg1-3

4:5.1.1+dfsg1-4~bpo11+1

4:5.1.1+dfsg1-4

4:5.1.1+dfsg1-5

4:5.1.3+dfsg1-1

4:5.1.4+dfsg1-1~bpo11+1

4:5.1.4+dfsg1-1

4:5.1.4+dfsg1-2~bpo11+1

4:5.1.4+dfsg1-2

4:5.1.4+dfsg1-3

4:5.2.0+dfsg1-1

4:5.2.0+dfsg1-2

4:5.2.1+dfsg-1~bpo11+1

4:5.2.1+dfsg-1

4:5.2.1+dfsg-2

4:5.2.1+dfsg-3

4:5.2.1+dfsg-4

4:5.2.2-dev+759fe912a-1

4:5.2.2-really5.2.2+20241130+dfsg-1

4:5.2.2-really5.2.2+20241228+dfsg-1

4:5.2.2-really5.2.2+20250114+dfsg-1

4:5.2.2-really5.2.2+20250121+dfsg-1

4:5.2.2-really+dfsg-1

4:5.2.2-really+dfsg-2

4:5.2.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-4306.json"

Debian:12 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:5.*

4:5.2.1+dfsg-1

4:5.2.1+dfsg-1+deb12u1

4:5.2.1+dfsg-2

4:5.2.1+dfsg-3

4:5.2.1+dfsg-4

4:5.2.2-dev+759fe912a-1

4:5.2.2-really5.2.2+20241130+dfsg-1

4:5.2.2-really5.2.2+20241228+dfsg-1

4:5.2.2-really5.2.2+20250114+dfsg-1

4:5.2.2-really5.2.2+20250121+dfsg-1

4:5.2.2-really+dfsg-1

4:5.2.2-really+dfsg-2

4:5.2.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-4306.json"

Debian:13 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:5.*

4:5.2.2-really+dfsg-1

4:5.2.2-really+dfsg-1+deb13u1

4:5.2.2-really+dfsg-2

4:5.2.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-4306.json"

Debian:14 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:5.*

4:5.2.2-really+dfsg-1

4:5.2.2-really+dfsg-2

4:5.2.3+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-4306.json"