Vulnerabilities > Phpmyadmin

DATE CVE VULNERABILITY TITLE RISK
2005-10-24 CVE-2005-3301 Cross-Site Scripting vulnerability in PHPMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
network
phpmyadmin
4.3
2005-10-23 CVE-2005-3300 Local File Inclusion vulnerability in PHPmyadmin 2.6.4Pl3
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
network
low complexity
phpmyadmin
5.0
2005-10-23 CVE-2005-3299 Local File Include vulnerability in PHPmyadmin 2.6.4/2.6.4Pl1
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
network
low complexity
phpmyadmin
5.0
2005-09-08 CVE-2005-2869 Unspecified vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
network
phpmyadmin
4.3
2005-05-03 CVE-2005-1392 Unspecified vulnerability in PHPmyadmin 2.6.2
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
local
low complexity
phpmyadmin
4.6
2005-05-02 CVE-2005-0992 Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
network
phpmyadmin
4.3
2005-05-02 CVE-2005-0653 Local Security vulnerability in PHPmyadmin 2.6.1
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
local
low complexity
phpmyadmin
4.6
2005-05-02 CVE-2005-0567 Local File Include vulnerability in PHPmyadmin 2.6.1
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
network
low complexity
phpmyadmin
7.5
2005-05-02 CVE-2005-0544 Remote Security vulnerability in PHPmyadmin 2.6.1
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
network
low complexity
phpmyadmin
5.0
2005-05-02 CVE-2005-0459 Remote Security vulnerability in phpMyAdmin
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
network
low complexity
phpmyadmin
5.0