CVE-2021-47853
- EPSS 0.26%
- Published 21.01.2026 17:27:37
- Last modified 01.02.2026 12:15:53
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-60796
- EPSS 0.06%
- Published 20.11.2025 00:00:00
- Last modified 25.11.2025 19:15:25
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locati...
CVE-2025-60797
- EPSS 0.04%
- Published 20.11.2025 00:00:00
- Last modified 25.11.2025 19:13:30
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $da...
CVE-2025-60798
- EPSS 0.04%
- Published 20.11.2025 00:00:00
- Last modified 25.11.2025 19:11:51
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated a...
CVE-2025-60799
- EPSS 0.01%
- Published 20.11.2025 00:00:00
- Last modified 25.11.2025 19:08:52
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database'...
CVE-2011-3598
- EPSS 0.72%
- Published 08.10.2011 02:52:52
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to ...
CVE-2008-5587
- EPSS 2.31%
- Published 16.12.2008 19:07:31
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
CVE-2007-5728
- EPSS 0.52%
- Published 30.10.2007 21:46:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, di...
CVE-2007-2865
- EPSS 4.31%
- Published 25.05.2007 18:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
- EPSS 12.52%
- Published 13.07.2005 04:00:00
- Last modified 03.04.2025 01:03:51
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.