Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.2.rc3

DATE CVE VULNERABILITY TITLE RISK
2009-07-01 CVE-2009-2284 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
network
phpmyadmin CWE-79
4.3
2008-09-30 CVE-2008-4326 Cross-Site Scripting vulnerability in PHPmyadmin
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
4.3
2008-07-16 CVE-2008-3197 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
3.5
2006-07-06 CVE-2006-3388 Cross-Site Scripting vulnerability in PHPMyAdmin Table Parameter
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
network
phpmyadmin
5.8
2005-12-08 CVE-2005-3665 Cross-Site Scripting vulnerability in PHPMyAdmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
network
phpmyadmin
4.3
2005-09-08 CVE-2005-2869 Unspecified vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
network
phpmyadmin
4.3
2005-05-02 CVE-2005-0992 Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
network
phpmyadmin
4.3
2005-05-02 CVE-2005-0459 Remote Security vulnerability in phpMyAdmin
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
network
low complexity
phpmyadmin
5.0
2004-03-03 CVE-2004-0129 Unspecified vulnerability in PHPmyadmin
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via ..
network
low complexity
phpmyadmin
5.0
2001-07-31 CVE-2001-1060 Unspecified vulnerability in PHPmyadmin
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
network
low complexity
phpmyadmin
7.5