Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.11.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-16 | CVE-2008-3197 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | 3.5 |
2008-07-02 | CVE-2008-2960 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. | 2.6 |
2008-04-23 | CVE-2008-1924 | Information Exposure vulnerability in PHPmyadmin Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. | 3.5 |
2008-03-31 | CVE-2008-1567 | Cleartext Storage of Sensitive Information vulnerability in multiple products phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | 5.5 |
2008-03-04 | CVE-2008-1149 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. | 5.1 |
2007-11-23 | CVE-2007-6100 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | 2.6 |
2007-11-15 | CVE-2007-5977 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | 3.5 |
2007-11-15 | CVE-2007-5976 | SQL Injection vulnerability in PHPmyadmin SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | 6.5 |
2007-10-19 | CVE-2007-5589 | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. | 4.3 |