Vulnerabilities > Phpmyadmin

DATE CVE VULNERABILITY TITLE RISK
2012-08-21 CVE-2012-4579 Cross-Site Scripting vulnerability in phpMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.
network
phpmyadmin CWE-79
3.5
2012-08-21 CVE-2012-4345 Cross-Site Scripting vulnerability in phpMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
network
phpmyadmin CWE-79
3.5
2012-08-21 CVE-2012-4219 Information Exposure vulnerability in phpMyAdmin 3.5.0.0/3.5.1.0/3.5.2.0
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
network
low complexity
phpmyadmin CWE-200
5.0
2012-05-03 CVE-2012-1190 Cross-Site Scripting vulnerability in phpMyAdmin
Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.
network
phpmyadmin CWE-79
4.3
2012-04-06 CVE-2012-1902 Information Exposure vulnerability in phpMyAdmin
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.
4.3
2011-11-17 CVE-2011-4107 XXE vulnerability in multiple products
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
network
low complexity
phpmyadmin fedoraproject debian CWE-611
6.5
2011-11-17 CVE-2011-3646 Improper Input Validation vulnerability in phpMyAdmin
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.
network
low complexity
phpmyadmin CWE-20
5.0
2011-11-01 CVE-2011-4064 Cross-Site Scripting vulnerability in phpMyAdmin
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
network
phpmyadmin CWE-79
4.3
2011-08-29 CVE-2011-3181 Cross-Site Scripting vulnerability in phpMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
network
phpmyadmin CWE-79
4.3
2010-12-08 CVE-2010-4480 Cross-Site Scripting vulnerability in phpMyAdmin 3.3.8.1/3.3.9.0
error.php in phpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
network
phpmyadmin CWE-79
4.3