Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.11.2.1

DATE CVE VULNERABILITY TITLE RISK
2018-02-21 CVE-2018-7260 Cross-site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
phpmyadmin CWE-79
5.4
2017-01-31 CVE-2016-6621 Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
network
low complexity
phpmyadmin CWE-918
8.6
2016-07-05 CVE-2016-5097 Information Exposure vulnerability in multiple products
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
network
low complexity
opensuse phpmyadmin CWE-200
5.3
2009-03-26 CVE-2009-1151 Code Injection vulnerability in multiple products
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
network
low complexity
phpmyadmin debian CWE-94
critical
9.8
2008-03-31 CVE-2008-1567 Cleartext Storage of Sensitive Information vulnerability in multiple products
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
5.5