Vulnerabilities > Phpmyadmin > Phpmyadmin > 2.9.1.1

DATE CVE VULNERABILITY TITLE RISK
2009-07-01 CVE-2009-2284 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
network
phpmyadmin CWE-79
4.3
4.3
2008-09-30 CVE-2008-4326 Cross-Site Scripting vulnerability in PHPmyadmin
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. 		4.3
4.3
2008-07-16 CVE-2008-3197 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. 		3.5
3.5
2007-11-23 CVE-2007-6100 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
network
high complexity
phpmyadmin CWE-79
2.6
2.6
2007-03-10 CVE-2007-1395 Cross-Site Scripting vulnerability in phpMyAdmin
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
network
phpmyadmin
4.3
4.3
2007-01-05 CVE-2007-0095 Information Disclosure vulnerability in PHPmyadmin 2.9.1.1
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
network
low complexity
phpmyadmin
5.0
5.0