CVE-2007-1395 | Medium Severity | Armis
An incomplete blacklist vulnerability in index.php of phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to execute arbitrary JavaScript or HTML via a db or table parameter value followed by an uppercase end tag, which bypasses a protection that only covers the lowercase end tag and enables cross-site scripting.
Score: 4.3 (Medium)
A numerical rating that indicates how dangerous this vulnerability is.
Published Date: Mar 10, 2007
CISA KEV Date: No Data
Industries Affected: 20
Threat Predictions
EPSS Score: 2.4
EPSS Percentile: 85%
Exploitability
Score: 8.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Impact
Score: 2.9
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Overview
This is a historical cross-site scripting vulnerability in phpMyAdmin caused by an incomplete blacklist that fails to sanitize db and table parameters sufficiently. Attackers can craft requests that include malicious scripts and close them with an uppercase end tag, bypassing existing protection and executing in the victim’s browser.
Remediation
- Upgrade phpMyAdmin to a version containing the fix (2.10.0 or newer) and verify that the installed version is protected against this flaw.
- If upgrading is not possible, follow the vendor security advisory for your distribution (e.g., Debian DSA-1370, Mandriva MDKSA-2007:199) and install the corresponding patches.
- Minimize exposure by restricting access to phpMyAdmin (e.g., require authentication, limit to trusted networks, and enforce HTTPS).
- After applying the fix, validate remediation by testing with crafted payloads to ensure input is properly sanitized and no XSS is possible.
- Review input handling and escaping in index.php and related modules; implement robust server-side input validation and output escaping to prevent similar issues.
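The last remediation item in practice, as an added example that is not phpMyAdmin's code: a case-sensitive blacklist of the kind the description refers to, next to allowlist validation and context-specific output encoding. All function names, the allowlist policy and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from phpMyAdmin.

// Weak check: blocks only the exact lowercase end tag.
function blacklist_allows(string $value): bool
{
    return strpos($value, '</script>') === false;
}

// Input validation: accept only characters expected in a name.
// The character set and length limit are an assumed policy.
function allowlist_allows(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_$]{1,64}\z/', $value) === 1;
}

// Output encoding for an HTML element or attribute context.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Output encoding for a value written into an inline script as a string
// literal: angle brackets, ampersands and quotes become \uXXXX escapes.
function js_string(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample values standing in for the db/table parameters.
$samples = ['sales_2007', 'x</script>', 'x</SCRIPT>', 'x</ScRiPt >'];

foreach ($samples as $value) {
    printf(
        "%-12s blacklist=%-5s allowlist=%-5s html=%s js=%s\n",
        $value,
        blacklist_allows($value) ? 'pass' : 'block',
        allowlist_allows($value) ? 'pass' : 'block',
        html_escape($value),
        js_string($value)
    );
}
```

Only the exact lowercase form is caught by the blacklist; the allowlist rejects every variant, and both encoders neutralize the markup regardless of case.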