Unrated severityNVD Advisory· Published Mar 10, 2007· Updated Jun 16, 2026
CVE-2007-1395
CVE-2007-1395
Description
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase .
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
23cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.2:*:*:*:*:*:*:*
- (no CPE)range: 2.8.0 through 2.9.2
Patches
Vulnerability mechanics
References
8- www.virtuax.be/advisories/Advisory2-24012007.txtnvdExploitVendor Advisory
- osvdb.org/35048nvd
- secunia.com/advisories/26733nvd
- securityreason.com/securityalert/2402nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/archive/1/462139/100/0/threadednvd
- www.us.debian.org/security/2007/dsa-1370nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/32858nvd
News mentions
0No linked articles in our index yet.