CVE-2007-6100
phpMyAdmin < 2.11.2.2 - Cross-Site Scripting via convcharset Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
References (8)
Core 8
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3943
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38601
Patch x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27748
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26513
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
Various Sources x_refsource_misc
http://www.nth-dimension.org.uk/pub/NDSA20071119.txt.asc
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29323
Scores
EPSS
0.0054
EPSS Percentile
67.7%
Details
CWE
CWE-79
Status
published
Products (50)
phpmyadmin/phpmyadmin
2.0.0
phpmyadmin/phpmyadmin
2.0.1
phpmyadmin/phpmyadmin
2.0.2
phpmyadmin/phpmyadmin
2.0.3
phpmyadmin/phpmyadmin
2.0.4
phpmyadmin/phpmyadmin
2.0.5
phpmyadmin/phpmyadmin
2.1.0
phpmyadmin/phpmyadmin
2.1.1
phpmyadmin/phpmyadmin
2.1.2
phpmyadmin/phpmyadmin
2.2.0
... and 40 more
Published
Nov 23, 2007
Tracked Since
Feb 18, 2026