Vulnerabilities > Phpmyadmin > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-19 CVE-2006-6944 Security Bypass vulnerability in phpMyAdmin
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
network
low complexity
phpmyadmin
7.5
2006-12-07 CVE-2006-6374 Remote Security vulnerability in PHPmyadmin 2.7.0Pl2
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
network
low complexity
phpmyadmin
7.5
2006-04-18 CVE-2006-1804 SQL-Injection vulnerability in PHPmyadmin 2.7.0Pl1/2.8.0.3
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
network
low complexity
phpmyadmin
7.5
2005-12-21 CVE-2005-4450 Cross-Site Request Forgery vulnerability in PHPmyadmin 2.7.0Pl1
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters.
network
low complexity
phpmyadmin
7.5
2005-05-02 CVE-2005-0567 Local File Include vulnerability in PHPmyadmin 2.6.1
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
network
low complexity
phpmyadmin
7.5
2004-12-31 CVE-2004-2632 Input Validation vulnerability in phpMyAdmin
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
network
low complexity
phpmyadmin
7.5
2004-12-31 CVE-2004-2631 Input Validation vulnerability in phpMyAdmin
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
network
low complexity
phpmyadmin
7.5
2004-12-31 CVE-2004-2630 Remote Command Execution vulnerability in phpMyAdmin
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
network
low complexity
phpmyadmin
7.5
2001-07-31 CVE-2001-1060 Unspecified vulnerability in PHPmyadmin
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
network
low complexity
phpmyadmin
7.5
2001-06-27 CVE-2001-0478 Unspecified vulnerability in PHPmyadmin
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a ..
network
low complexity
phpmyadmin
7.5