CVE-2007-5976

Publication date 15 November 2007

Last updated 17 July 2025

Ubuntu priority

Description

SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
phpmyadmin	7.10 gutsy	Fixed 4:2.10.3-1ubuntu0.1
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

fujitsu

PMASA-2007-7 Dapper/Edgy/Feisty have a non-vulnerable version of the code.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-5976