Vulnerabilities > Phpmyadmin > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2020-22452 SQL Injection vulnerability in PHPmyadmin
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
network
low complexity
phpmyadmin CWE-89
critical
 9.8
9.8
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2019-11-22 CVE-2019-18622 SQL Injection vulnerability in multiple products
An issue was discovered in phpMyAdmin before 4.9.2.
network
low complexity
phpmyadmin opensuse fedoraproject CWE-89
critical
 9.8
9.8
2019-06-05 CVE-2019-11768 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin before 4.9.0.1.
network
low complexity
phpmyadmin CWE-89
critical
 9.8
9.8
2016-12-11 CVE-2016-6629 7PK - Security Features vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive.
network
low complexity
phpmyadmin CWE-254
critical
 10.0
10
2010-01-19 CVE-2008-7252 Cryptographic Issues vulnerability in PHPmyadmin
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
network
low complexity
phpmyadmin CWE-310
critical
 10.0
10
2010-01-19 CVE-2008-7251 Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
network
low complexity
phpmyadmin CWE-264
critical
 10.0
10
2009-03-26 CVE-2009-1151 Code Injection vulnerability in multiple products
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
network
low complexity
phpmyadmin debian CWE-94
critical
 9.8
9.8
2007-01-11 CVE-2007-0203 Input Validation vulnerability in phpMyAdmin
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
network
low complexity
phpmyadmin
critical
 10.0
10
2005-01-10 CVE-2004-1147 Unspecified vulnerability in PHPmyadmin
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
network
low complexity
phpmyadmin
critical
 10.0
10