Filtered by vendor Phpmyadmin
Subscribe
Search
Total
268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3622 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. | |||||
| CVE-2016-2044 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2016-08-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
| CVE-2016-2045 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2016-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. | |||||
| CVE-2014-7217 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-04-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. | |||||
| CVE-2014-4955 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. | |||||
| CVE-2014-4954 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. | |||||
| CVE-2014-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. | |||||
| CVE-2014-4348 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. | |||||
| CVE-2014-1879 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-08-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. | |||||
| CVE-2011-3592 | 1 Phpmyadmin | 1 Phpmyadmin | 2014-12-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation. | |||||
| CVE-2011-3591 | 1 Phpmyadmin | 1 Phpmyadmin | 2014-12-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js. | |||||
| CVE-2014-5273 | 1 Phpmyadmin | 1 Phpmyadmin | 2014-10-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. | |||||
| CVE-2013-3239 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-19 | 4.6 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. | |||||
| CVE-2013-3241 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-19 | 4.0 MEDIUM | N/A |
| export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. | |||||
| CVE-2013-3240 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-19 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. | |||||
| CVE-2013-3238 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-19 | 6.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | |||||
| CVE-2013-3742 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-09-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. | |||||
| CVE-2013-4999 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 5.0 MEDIUM | N/A |
| phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | |||||
| CVE-2013-4998 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 5.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | |||||
| CVE-2013-5001 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. | |||||
| CVE-2013-4997 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. | |||||
| CVE-2013-5000 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-31 | 5.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | |||||
| CVE-2013-4729 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-05 | 5.5 MEDIUM | N/A |
| import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. | |||||
| CVE-2012-4345 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-04-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. | |||||
| CVE-2012-5368 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-01-26 | 4.3 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | |||||
| CVE-2012-5339 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-01-26 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | |||||
| CVE-2012-5159 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-01-26 | 7.5 HIGH | N/A |
| phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | |||||
| CVE-2012-5469 | 2 Phpmyadmin, Wordpress | 2 Phpmyadmin, Wordpress | 2012-12-28 | 7.5 HIGH | N/A |
| The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | |||||
| CVE-2011-4780 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-11-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. | |||||
| CVE-2011-4634 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-11-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog. | |||||
| CVE-2011-3181 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-11-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. | |||||
| CVE-2011-1940 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-11-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. | |||||
| CVE-2012-4219 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-09-07 | 5.0 MEDIUM | N/A |
| show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. | |||||
| CVE-2012-4579 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-08-22 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | |||||
| CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2012-02-06 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-4064 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-12-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. | |||||
| CVE-2011-3646 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-11-21 | 5.0 MEDIUM | N/A |
| phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. | |||||
| CVE-2008-4326 | 2 Microsoft, Phpmyadmin | 2 Internet Explorer, Phpmyadmin | 2011-03-08 | 4.3 MEDIUM | N/A |
| The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | |||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 7.1 HIGH | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | |||||
| CVE-2007-0203 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. | |||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 7.5 HIGH | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | |||||
| CVE-2005-3301 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. | |||||
| CVE-2005-1392 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 4.6 MEDIUM | N/A |
| The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | |||||
| CVE-2008-7252 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-01-28 | 10.0 HIGH | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | |||||
| CVE-2010-4329 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-01-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. | |||||
| CVE-2010-3056 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-01-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | |||||
| CVE-2010-4480 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-01-28 | 4.3 MEDIUM | N/A |
| error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". | |||||
| CVE-2010-3055 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-01-28 | 7.5 HIGH | N/A |
| The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. | |||||
| CVE-2010-4481 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-01-28 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2010-2958 | 1 Phpmyadmin | 1 Phpmyadmin | 2010-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056. | |||||