Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Phpmyadmin Subscribe
Filtered by product Phpmyadmin
Total 270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2016 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
CVE-2007-0341 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
CVE-2007-1395 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 4.3 MEDIUM N/A
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
CVE-2007-0204 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-5976 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 6.5 MEDIUM N/A
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
CVE-2006-6373 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 5.0 MEDIUM N/A
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.
CVE-2006-6944 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 7.5 HIGH N/A
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
CVE-2008-1149 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 5.1 MEDIUM N/A
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVE-2006-6374 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 7.5 HIGH N/A
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
CVE-2006-6943 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 5.0 MEDIUM N/A
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.
CVE-2007-5589 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.
CVE-2007-0203 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 10.0 HIGH N/A
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
CVE-2007-5977 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
CVE-2007-6100 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
CVE-2006-5718 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
CVE-2006-5117 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 5.0 MEDIUM N/A
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
CVE-2004-2632 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 7.5 HIGH N/A
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
CVE-2004-2631 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 7.5 HIGH N/A
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
CVE-2006-2031 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2005-0544 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 5.0 MEDIUM N/A
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.