Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.1.2

DATE CVE VULNERABILITY TITLE RISK
2009-07-01 CVE-2009-2284 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
network
phpmyadmin CWE-79
4.3
2008-09-30 CVE-2008-4326 Cross-Site Scripting vulnerability in PHPmyadmin
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
4.3
2008-09-18 CVE-2008-4096 Improper Input Validation vulnerability in PHPmyadmin
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
network
phpmyadmin CWE-20
8.5
2008-08-04 CVE-2008-3457 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments.
network
high complexity
phpmyadmin CWE-79
2.6
2008-08-04 CVE-2008-3456 Link Following vulnerability in PHPmyadmin
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
network
low complexity
phpmyadmin CWE-59
6.4
2008-07-16 CVE-2008-3197 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
3.5
2007-11-23 CVE-2007-6100 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
network
high complexity
phpmyadmin CWE-79
2.6
2006-07-06 CVE-2006-3388 Cross-Site Scripting vulnerability in PHPMyAdmin Table Parameter
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
network
phpmyadmin
5.8
2006-04-11 CVE-2006-1678 Cross-Site Scripting vulnerability in PHPMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
network
phpmyadmin
4.3
2005-12-08 CVE-2005-3665 Cross-Site Scripting vulnerability in PHPMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
network
phpmyadmin
4.3