Vulnerabilities > Phpmyadmin > Phpmyadmin > 3.4.1.0

DATE CVE VULNERABILITY TITLE RISK
2018-02-21 CVE-2018-7260 Cross-site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
phpmyadmin CWE-79
3.5
2017-01-31 CVE-2016-6621 Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
network
low complexity
phpmyadmin CWE-918
5.0
2016-07-05 CVE-2016-5097 Information Exposure vulnerability in multiple products
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
network
low complexity
opensuse phpmyadmin CWE-200
5.0
2014-12-26 CVE-2011-3592 Cross-Site Scripting vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.
network
phpmyadmin CWE-79
3.5
2014-12-26 CVE-2011-3591 Cross-Site Scripting vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.
network
phpmyadmin CWE-79
3.5
2014-02-20 CVE-2014-1879 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
network
phpmyadmin CWE-79
3.5
2012-08-21 CVE-2012-4345 Cross-Site Scripting vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
network
phpmyadmin CWE-79
3.5
2012-05-03 CVE-2012-1190 Cross-Site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.
network
phpmyadmin CWE-79
4.3
2012-04-06 CVE-2012-1902 Information Exposure vulnerability in PHPmyadmin
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.
4.3
2011-11-17 CVE-2011-4107 XXE vulnerability in multiple products
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
network
low complexity
phpmyadmin fedoraproject debian CWE-611
6.5