CVE-2007-2865

phppgadmin 4.1.1 - Cross-Site Scripting via Server Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2865. PoCs published by Michal Majchrowicz.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in phpPgAdmin 4.1.1, where an attacker can inject malicious scripts via the 'server' parameter in sqledit.php. No actual exploit code is included, only a description and example URL.

Description

Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Michal Majchrowicz · textwebappsphp

https://www.exploit-db.com/exploits/30075

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in phpPgAdmin 4.1.1, where an attacker can inject malicious scripts via the 'server' parameter in sqledit.php. No actual exploit code is included, only a description and example URL.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: phpPgAdmin 4.1.1

No auth needed

Prerequisites: Access to the vulnerable phpPgAdmin instance

MITRE ATT&CK