Filtered by vendor Phpmyadmin
Subscriptions
Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2869 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | ||||
| CVE-2005-1392 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | ||||
| CVE-2005-3299 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. | ||||
| CVE-2005-0992 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | ||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | ||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | ||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | ||||
| CVE-2001-1060 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. | ||||
| CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | ||||
| CVE-2005-0567 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | ||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | ||||
| CVE-2005-0544 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | ||||
| CVE-2005-0543 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | ||||
| CVE-2020-22452 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-01 | 9.8 Critical |
| SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. | ||||
| CVE-2023-25727 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-03-21 | 5.4 Medium |
| In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | ||||
| CVE-2022-23808 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.1 Medium |
| An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | ||||
| CVE-2022-23807 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 Medium |
| An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | ||||
| CVE-2022-0813 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 5.3 Medium |
| PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | ||||
| CVE-2020-26935 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. | ||||