Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.8.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-01 | CVE-2009-2284 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. | 4.3 |
2008-09-30 | CVE-2008-4326 | Cross-Site Scripting vulnerability in PHPmyadmin The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | 4.3 |
2008-07-16 | CVE-2008-3197 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | 3.5 |
2007-11-23 | CVE-2007-6100 | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | 2.6 |
2007-03-10 | CVE-2007-1395 | Cross-Site Scripting vulnerability in phpMyAdmin Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. network phpmyadmin | 4.3 |
2006-10-03 | CVE-2006-5117 | Information Disclosure vulnerability in phpMyAdmin phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | 5.0 |
2006-10-03 | CVE-2006-5116 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. | 5.1 |
2006-05-16 | CVE-2006-2417 | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1/2.8.0.2/2.8.0.3 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. | 4.3 |
2006-03-19 | CVE-2006-1258 | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. network phpmyadmin | 4.3 |