ReportizFlow
Filtered by vendor Phpmyadmin
Subscriptions
Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. | ||||
| CVE-2008-7251 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | ||||
| CVE-2010-3056 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | ||||
| CVE-2010-4329 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. | ||||
| CVE-2011-0986 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. | ||||
| CVE-2011-1940 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. | ||||
| CVE-2011-4780 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. | ||||
| CVE-2012-5339 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | ||||
| CVE-2010-4480 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". | ||||
| CVE-2007-0095 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | ||||
| CVE-2008-2960 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. | ||||
| CVE-2007-2016 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. | ||||
| CVE-2007-5386 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2009-3696 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. | ||||
| CVE-2009-3697 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. | ||||
| CVE-2008-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. | ||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | ||||
| CVE-2009-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. | ||||
| CVE-2009-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | ||||
| CVE-2006-6943 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. | ||||