Filtered by vendor Phpmyadmin
Subscriptions
Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3388 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. | ||||
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | ||||
| CVE-2006-2417 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. | ||||
| CVE-2006-2031 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | ||||
| CVE-2006-1803 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. | ||||
| CVE-2006-1678 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. | ||||
| CVE-2006-1258 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | ||||
| CVE-2004-1055 | 2 Gentoo, Phpmyadmin | 2 Linux, Phpmyadmin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. | ||||
| CVE-2004-0129 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. | ||||
| CVE-2005-0459 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | ||||
| CVE-2005-3787 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. | ||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2005-4450 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | ||||
| CVE-2005-4079 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. | ||||
| CVE-2005-3665 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | ||||
| CVE-2005-3622 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. | ||||
| CVE-2005-3621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | ||||
| CVE-2005-3301 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. | ||||
| CVE-2005-3300 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | ||||