Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-07 | CVE-2007-1325 | Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. network phpmyadmin | 7.1 |
| 2007-01-19 | CVE-2006-6944 | Security Bypass vulnerability in phpMyAdmin phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | 7.5 |
| 2007-01-19 | CVE-2006-6943 | Improper Input Validation vulnerability in PHPmyadmin PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. | 5.0 |
| 2007-01-19 | CVE-2006-6942 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | 6.8 |
| 2007-01-11 | CVE-2007-0204 | Input Validation vulnerability in phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network phpmyadmin | 6.8 |
| 2007-01-11 | CVE-2007-0203 | Input Validation vulnerability in phpMyAdmin Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. | 10.0 |
| 2006-07-06 | CVE-2006-3388 | Cross-Site Scripting vulnerability in PHPMyAdmin Table Parameter Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. network phpmyadmin | 5.8 |
| 2006-04-18 | CVE-2006-1803 | Cross-Site Scripting vulnerability in PHPMyAdmin Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. network phpmyadmin | 4.3 |
| 2006-04-11 | CVE-2006-1678 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. network phpmyadmin | 4.3 |
| 2005-12-08 | CVE-2005-3665 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. network phpmyadmin | 4.3 |