Filtered by vendor Phpmyadmin
Subscribe
Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1392 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 4.6 MEDIUM | N/A |
| The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | |||||
| CVE-2005-0992 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | |||||
| CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 4.6 MEDIUM | N/A |
| phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | |||||
| CVE-2005-0567 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0544 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0543 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | |||||
| CVE-2005-0459 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 7.5 HIGH | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | |||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | |||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 7.5 HIGH | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | |||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 10.0 HIGH | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-1055 | 2 Gentoo, Phpmyadmin | 2 Linux, Phpmyadmin | 2024-11-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. | |||||
| CVE-2004-0129 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. | |||||
| CVE-2001-1060 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 7.5 HIGH | N/A |
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. | |||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | 6.5 MEDIUM | N/A |
| ** DISPUTED ** SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450. | |||||
| CVE-2013-1937 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." | |||||
| CVE-2020-22278 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents." | |||||
| CVE-2020-11441 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." | |||||