Description
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Michal Majchrowicz · textwebappsphp
https://www.exploit-db.com/exploits/30090
Nuclei Templates (1)
phpPgAdmin <=4.1.1 - Cross-Site Scripting
MEDIUMby dhiyaneshDK
Shodan:
http.title:"phpPgAdmin" || http.title:phppgadmin || cpe:"cpe:2.3:a:phppgadmin_project:phppgadmin"
FOFA:
title=phppgadmin
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27756
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36699
Exploit mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25446
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24182
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_24_sr.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33263
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34550
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1693
Scores
EPSS
0.0052
EPSS Percentile
66.9%
Details
CWE
CWE-79
Status
published
Products (4)
phppgadmin/phppgadmin
3.5
phppgadmin/phppgadmin
3.5.2
phppgadmin/phppgadmin
3.5.3
phppgadmin/phppgadmin
4.1.1
Published
Oct 30, 2007
Tracked Since
Feb 18, 2026