Filtered by vendor Phpmyadmin
Subscriptions
Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4326 | 2 Microsoft, Phpmyadmin | 2 Internet Explorer, Phpmyadmin | 2025-04-09 | N/A |
| The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | ||||
| CVE-2006-6943 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. | ||||
| CVE-2007-5977 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | ||||
| CVE-2007-4306 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. | ||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | ||||
| CVE-2007-5976 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | ||||
| CVE-2007-0204 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6100 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | ||||
| CVE-2007-5386 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2006-5718 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. | ||||
| CVE-2005-3621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | ||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | ||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | ||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | ||||
| CVE-2005-3300 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | ||||
| CVE-2005-0459 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | ||||
| CVE-2005-0544 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | ||||
| CVE-2006-3388 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. | ||||
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | ||||