Filtered by vendor Phpmyadmin
Subscriptions
Filtered by product Phpmyadmin
Subscriptions
Total
270 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4999 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-17 | N/A |
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | ||||
CVE-2013-3742 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. | ||||
CVE-2011-3646 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-17 | N/A |
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. | ||||
CVE-2012-5469 | 2 Phpmyadmin, Wordpress | 2 Phpmyadmin, Wordpress | 2024-09-17 | N/A |
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | ||||
CVE-2022-0813 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | 5.3 Medium |
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | ||||
CVE-2013-5001 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. | ||||
CVE-2013-5029 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-09-16 | N/A |
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. | ||||
CVE-2005-4450 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | ||||
CVE-2013-4997 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. | ||||
CVE-2013-5000 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | ||||
CVE-2012-4579 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | ||||
CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
CVE-2013-4998 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | ||||
CVE-2013-4729 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-09-16 | N/A |
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. | ||||
CVE-2001-1060 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | N/A |
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. | ||||
CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | N/A |
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | ||||
CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | N/A |
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | ||||
CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | N/A |
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | ||||
CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | N/A |
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-08 | N/A |
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. |