Vulnerabilities > Phpmyadmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-24 | CVE-2005-3301 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. network phpmyadmin | 4.3 |
| 2005-10-23 | CVE-2005-3300 | Local File Inclusion vulnerability in PHPmyadmin 2.6.4Pl3 The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | 5.0 |
| 2005-10-23 | CVE-2005-3299 | Local File Include vulnerability in PHPmyadmin 2.6.4/2.6.4Pl1 PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. | 5.0 |
| 2005-09-08 | CVE-2005-2869 | Unspecified vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. network phpmyadmin | 4.3 |
| 2005-05-03 | CVE-2005-1392 | Unspecified vulnerability in PHPmyadmin 2.6.2 The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. | 4.6 |
| 2005-05-02 | CVE-2005-0992 | Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. network phpmyadmin | 4.3 |
| 2005-05-02 | CVE-2005-0653 | Local Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | 4.6 |
| 2005-05-02 | CVE-2005-0567 | Local File Include vulnerability in PHPmyadmin 2.6.1 Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | 7.5 |
| 2005-05-02 | CVE-2005-0544 | Remote Security vulnerability in PHPmyadmin 2.6.1 phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-0459 | Remote Security vulnerability in phpMyAdmin phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | 5.0 |