Vulnerabilities > Phpmyadmin

DATE CVE VULNERABILITY TITLE RISK
2009-03-26 CVE-2009-1150 Cross-Site Scripting vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
network
phpmyadmin CWE-79
4.3
4.3
2009-03-26 CVE-2009-1149 Improper Input Validation vulnerability in PHPmyadmin
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
network
low complexity
phpmyadmin CWE-20
7.5
7.5
2009-03-26 CVE-2009-1148 Path Traversal vulnerability in PHPmyadmin
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
network
low complexity
phpmyadmin CWE-22
5.0
5.0
2008-12-17 CVE-2008-5621 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. 		6.0
6.0
2008-10-28 CVE-2008-4775 Cross-Site Scripting vulnerability in PHPmyadmin 2.11.9.2/3.0.0/3.0.1
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
network
high complexity
phpmyadmin CWE-79
2.6
2.6
2008-09-30 CVE-2008-4326 Cross-Site Scripting vulnerability in PHPmyadmin
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. 		4.3
4.3
2008-09-18 CVE-2008-4096 Improper Input Validation vulnerability in PHPmyadmin
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
network
phpmyadmin CWE-20
8.5
8.5
2008-08-04 CVE-2008-3457 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments.
network
high complexity
phpmyadmin CWE-79
2.6
2.6
2008-08-04 CVE-2008-3456 Link Following vulnerability in PHPmyadmin
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
network
low complexity
phpmyadmin CWE-59
6.4
6.4
2008-07-16 CVE-2008-3197 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. 		3.5
3.5