Phpmyadmin

Phpmyadmin

272 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-2958

  • EPSS 0.44%
  • Veröffentlicht 08.09.2010 20:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a ...

4.3

CVE-2010-3056

Exploit
  • EPSS 0.76%
  • Veröffentlicht 24.08.2010 20:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure....

7.5

CVE-2010-3055

Exploit
  • EPSS 1.47%
  • Veröffentlicht 24.08.2010 20:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

10

CVE-2008-7251

  • EPSS 2.4%
  • Veröffentlicht 19.01.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

10

CVE-2008-7252

  • EPSS 3.14%
  • Veröffentlicht 19.01.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

5

CVE-2009-4605

  • EPSS 0.47%
  • Veröffentlicht 19.01.2010 16:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF...

4.3

CVE-2009-3696

  • EPSS 3.39%
  • Veröffentlicht 16.10.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

7.5

CVE-2009-3697

  • EPSS 2.58%
  • Veröffentlicht 16.10.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

4.3

CVE-2009-2284

  • EPSS 0.52%
  • Veröffentlicht 01.07.2009 13:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.

7.5

CVE-2009-1285

Exploit
  • EPSS 1.09%
  • Veröffentlicht 16.04.2009 15:12:57
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.