Filtered by vendor Phpmyadmin
Subscribe
Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2718 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. | |||||
| CVE-2010-4329 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. | |||||
| CVE-2011-2507 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 6.5 MEDIUM | N/A |
| libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. | |||||
| CVE-2012-4345 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. | |||||
| CVE-2011-4634 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog. | |||||
| CVE-2011-4064 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. | |||||
| CVE-2012-5368 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | |||||
| CVE-2010-3056 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | |||||
| CVE-2013-5002 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. | |||||
| CVE-2008-7252 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 10.0 HIGH | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | |||||
| CVE-2011-4107 | 3 Debian, Fedoraproject, Phpmyadmin | 3 Debian Linux, Fedora, Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | |||||
| CVE-2013-5029 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. | |||||
| CVE-2011-0987 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 6.5 MEDIUM | N/A |
| The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | |||||
| CVE-2013-5003 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. | |||||
| CVE-2013-4998 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | |||||
| CVE-2013-5000 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | |||||
| CVE-2013-5001 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. | |||||
| CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. | |||||
| CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-3646 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 5.0 MEDIUM | N/A |
| phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. | |||||