Phpmyadmin CVEs and Security Vulnerabilities

Filtered by vendor Phpmyadmin Subscriptions

Search

Switch to Advanced Search (Beta)

Total 270 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-1804	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
CVE-2006-1803	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
CVE-2006-1678	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
CVE-2006-1258	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2005-4450	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.
CVE-2005-4079	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
CVE-2005-3787	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
CVE-2005-3665	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
CVE-2005-3622	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
CVE-2005-3621	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
CVE-2005-3301	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
CVE-2005-3300	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
CVE-2005-3299	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
CVE-2005-2869	1 Phpmyadmin	1 Phpmyadmin	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2005-1392	1 Phpmyadmin	1 Phpmyadmin	2024-11-20	N/A
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
CVE-2005-0992	1 Phpmyadmin	1 Phpmyadmin	2024-11-20	N/A
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
CVE-2005-0653	1 Phpmyadmin	1 Phpmyadmin	2024-11-20	N/A
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
CVE-2005-0567	1 Phpmyadmin	1 Phpmyadmin	2024-11-20	N/A
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
CVE-2005-0544	1 Phpmyadmin	1 Phpmyadmin	2024-11-20	N/A
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
CVE-2005-0543	1 Phpmyadmin	1 Phpmyadmin	2024-11-20	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

« first previous Page 13 of 14. next last »