ReportizFlow
Filtered by vendor Phpmyadmin
Subscriptions
Filtered by product Phpmyadmin
Subscriptions
Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5621 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. | ||||
| CVE-2009-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | ||||
| CVE-2006-6373 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | ||||
| CVE-2009-1151 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2026-04-22 | 9.8 Critical |
| Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | ||||
| CVE-2005-3787 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. | ||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | ||||
| CVE-2005-3299 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. | ||||
| CVE-2006-2417 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. | ||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | ||||
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | ||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2005-3301 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. | ||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | ||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | ||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | 6.3 Medium |
| SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 | ||||
| CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | ||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | ||||
| CVE-2005-2869 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | ||||
| CVE-2005-3622 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. | ||||