CVE-2007-5977
phpMyAdmin <2.11.2.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
References (10)
Scores
EPSS
0.0069
EPSS Percentile
71.6%
Classification
CWE
CWE-79
Status
draft
Affected Products (1)
phpmyadmin/phpmyadmin
< 2.11.2
Timeline
Published
Nov 15, 2007
Tracked Since
Feb 18, 2026