Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.11.5rc1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-19 | CVE-2008-7252 | Cryptographic Issues vulnerability in PHPmyadmin libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | 10.0 |
2010-01-19 | CVE-2008-7251 | Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | 10.0 |
2009-07-01 | CVE-2009-2284 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. | 4.3 |
2008-09-30 | CVE-2008-4326 | Cross-Site Scripting vulnerability in PHPmyadmin The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | 4.3 |
2008-09-18 | CVE-2008-4096 | Improper Input Validation vulnerability in PHPmyadmin libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | 8.5 |
2008-07-16 | CVE-2008-3197 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | 3.5 |
2008-07-02 | CVE-2008-2960 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. | 2.6 |