Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.8.0.2

DATE CVE VULNERABILITY TITLE RISK
2009-07-01 CVE-2009-2284 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
network
phpmyadmin CWE-79
4.3
4.3
2008-09-30 CVE-2008-4326 Cross-Site Scripting vulnerability in PHPmyadmin
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. 		4.3
4.3
2008-07-16 CVE-2008-3197 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. 		3.5
3.5
2007-11-23 CVE-2007-6100 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
network
high complexity
phpmyadmin CWE-79
2.6
2.6
2007-03-10 CVE-2007-1395 Cross-Site Scripting vulnerability in phpMyAdmin
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
network
phpmyadmin
4.3
4.3
2006-10-03 CVE-2006-5117 Information Disclosure vulnerability in phpMyAdmin
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
network
low complexity
phpmyadmin
5.0
5.0
2006-10-03 CVE-2006-5116 Cross-Site Scripting vulnerability in PHPMyAdmin
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php.
network
high complexity
phpmyadmin
5.1
5.1
2006-05-16 CVE-2006-2417 Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1/2.8.0.2/2.8.0.3
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts.
network
phpmyadmin CWE-79
4.3
4.3
2006-04-26 CVE-2006-2031 Cross-Site Scripting vulnerability in phpMyAdmin
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
high complexity
phpmyadmin
2.6
2.6