Phpmyadmin

Phpmyadmin

272 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2013-5003

  • EPSS 0.37%
  • Published 31.07.2013 13:20:08
  • Last modified 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to s...

3.5

CVE-2013-3742

  • EPSS 0.19%
  • Published 04.07.2013 14:33:41
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted nam...

5.5

CVE-2013-4729

Exploit
  • EPSS 0.37%
  • Published 04.07.2013 14:33:41
  • Last modified 11.04.2025 00:51:21

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via...

6

CVE-2013-3238

  • EPSS 64.58%
  • Published 26.04.2013 03:34:23
  • Last modified 11.04.2025 00:51:21

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" featu...

4.6

CVE-2013-3239

Exploit
  • EPSS 12.33%
  • Published 26.04.2013 03:34:23
  • Last modified 11.04.2025 00:51:21

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of th...

6.5

CVE-2013-3240

  • EPSS 4.06%
  • Published 26.04.2013 03:34:23
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

4

CVE-2013-3241

  • EPSS 3.37%
  • Published 26.04.2013 03:34:23
  • Last modified 11.04.2025 00:51:21

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

6.1

CVE-2013-1937

Exploit
  • EPSS 8.11%
  • Published 16.04.2013 14:04:31
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSetting...

7.5

CVE-2012-5469

Exploit
  • EPSS 2.46%
  • Published 20.12.2012 12:02:18
  • Last modified 11.04.2025 00:51:21

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.

4.3

CVE-2012-5368

  • EPSS 0.43%
  • Published 25.10.2012 10:51:29
  • Last modified 11.04.2025 00:51:21

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.