Vulnerabilities > Phpmyadmin > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-19 | CVE-2006-6944 | Security Bypass vulnerability in phpMyAdmin: phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | 7.5 |
2006-12-07 | CVE-2006-6374 | Remote Security vulnerability in PHPmyadmin 2.7.0Pl2: Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | 7.5 |
2006-04-18 | CVE-2006-1804 | SQL-Injection vulnerability in PHPmyadmin 2.7.0Pl1/2.8.0.3: SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | 7.5 |
2005-12-21 | CVE-2005-4450 | Cross-Site Request Forgery vulnerability in PHPmyadmin 2.7.0Pl1: Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. | 7.5 |
2005-05-02 | CVE-2005-0567 | Local File Include vulnerability in PHPmyadmin 2.6.1: Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | 7.5 |
2004-12-31 | CVE-2004-2632 | Input Validation vulnerability in phpMyAdmin: phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | 7.5 |
2004-12-31 | CVE-2004-2631 | Input Validation vulnerability in phpMyAdmin: Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | 7.5 |
2004-12-31 | CVE-2004-2630 | Remote Command Execution vulnerability in phpMyAdmin: The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | 7.5 |
2001-07-31 | CVE-2001-1060 | Unspecified vulnerability in PHPmyadmin: phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. | 7.5 |
2001-06-27 | CVE-2001-0478 | Unspecified vulnerability in PHPmyadmin: Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. | 7.5 |