Vulnerabilities > Phpmyadmin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-09-10 | CVE-2010-3263 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | 4.3 |
2010-08-24 | CVE-2010-3056 | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | 4.3 |
2010-01-19 | CVE-2009-4605 | Unspecified vulnerability in PHPmyadmin scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 5.0 |
2010-01-19 | CVE-2008-7252 | Cryptographic Issues vulnerability in PHPmyadmin libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | 10.0 |
2010-01-19 | CVE-2008-7251 | Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | 10.0 |
2009-10-16 | CVE-2009-3697 | SQL Injection vulnerability in PHPmyadmin SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. | 7.5 |
2009-10-16 | CVE-2009-3696 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. | 4.3 |
2009-07-01 | CVE-2009-2284 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. | 4.3 |
2009-04-16 | CVE-2009-1285 | Code Injection vulnerability in PHPmyadmin Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. | 7.5 |
2009-03-26 | CVE-2009-1151 | Code Injection vulnerability in PHPmyadmin Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | 7.5 |