Vulnerabilities > Phpmyadmin > Phpmyadmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-05 | CVE-2007-0095 | Information Disclosure vulnerability in PHPmyadmin 2.9.1.1 phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | 5.0 |
| 2006-12-07 | CVE-2006-6374 | Remote Security vulnerability in PHPmyadmin 2.7.0Pl2 Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | 7.5 |
| 2006-12-07 | CVE-2006-6373 | Information Disclosure vulnerability in PHPmyadmin 2.7.0Pl2 PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | 5.0 |
| 2006-11-04 | CVE-2006-5718 | Cross-Site Scripting vulnerability in PHPMyAdmin UTF-7 Encoding Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. network phpmyadmin | 4.3 |
| 2006-10-03 | CVE-2006-5117 | Information Disclosure vulnerability in phpMyAdmin phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | 5.0 |
| 2006-10-03 | CVE-2006-5116 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. | 5.1 |
| 2006-07-06 | CVE-2006-3388 | Cross-Site Scripting vulnerability in PHPMyAdmin Table Parameter Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. network phpmyadmin | 5.8 |
| 2006-05-16 | CVE-2006-2418 | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.3 Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. network phpmyadmin | 6.8 |
| 2006-05-16 | CVE-2006-2417 | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1/2.8.0.2/2.8.0.3 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. | 4.3 |
| 2006-04-26 | CVE-2006-2031 | Cross-Site Scripting vulnerability in phpMyAdmin Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2.6 |