Phpmyadmin

Phpmyadmin

272 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.6

CVE-2006-2031

Exploit
  • EPSS 0.41%
  • Published 26.04.2006 00:06:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3

CVE-2006-1803

Exploit
  • EPSS 8.97%
  • Published 18.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

7.5

CVE-2006-1804

Exploit
  • EPSS 0.96%
  • Published 18.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.

4.3

CVE-2006-1678

  • EPSS 1.03%
  • Published 11.04.2006 00:02:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

4.3

CVE-2006-1258

Exploit
  • EPSS 8.43%
  • Published 19.03.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.

7.5

CVE-2005-4450

  • EPSS 0.43%
  • Published 21.12.2005 11:03:00
  • Last modified 03.04.2025 01:03:51

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters...

6.5

CVE-2005-4349

  • EPSS 1.66%
  • Published 19.12.2005 11:03:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issu...

4.3

CVE-2005-3665

  • EPSS 1.12%
  • Published 08.12.2005 11:03:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generati...

5

CVE-2005-4079

  • EPSS 1.61%
  • Published 08.12.2005 01:03:00
  • Last modified 03.04.2025 01:03:51

The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.

4.3

CVE-2005-3787

  • EPSS 0.43%
  • Published 24.11.2005 01:03:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.