Filtered by vendor Phpmyadmin
Filtered by product Phpmyadmin
Total: 272 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. | ||||
CVE-2006-6373 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | ||||
CVE-2008-2960 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. | ||||
CVE-2008-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. | ||||
CVE-2007-5386 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
CVE-2007-0204 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
CVE-2007-5976 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | ||||
CVE-2009-2284 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. | ||||
CVE-2007-5589 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI. | ||||
CVE-2007-4306 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. | ||||
CVE-2008-1924 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | ||||
CVE-2007-5977 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | ||||
CVE-2006-6942 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | ||||
CVE-2008-4775 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. | ||||
CVE-2007-2245 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. | ||||
CVE-2007-0203 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. | ||||
CVE-2006-5718 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. | ||||
CVE-2008-3197 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | ||||
CVE-2006-5117 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | ||||
CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | ||||