Phpmyadmin

Phpmyadmin

272 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-2958

  • EPSS 0.44%
  • Published 08.09.2010 20:00:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a ...

4.3

CVE-2010-3056

Exploit
  • EPSS 0.76%
  • Published 24.08.2010 20:00:02
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure....

7.5

CVE-2010-3055

Exploit
  • EPSS 1.47%
  • Published 24.08.2010 20:00:01
  • Last modified 11.04.2025 00:51:21

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

10

CVE-2008-7251

  • EPSS 2.4%
  • Published 19.01.2010 16:30:00
  • Last modified 11.04.2025 00:51:21

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

10

CVE-2008-7252

  • EPSS 3.14%
  • Published 19.01.2010 16:30:00
  • Last modified 11.04.2025 00:51:21

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

5

CVE-2009-4605

  • EPSS 0.47%
  • Published 19.01.2010 16:30:00
  • Last modified 11.04.2025 00:51:21

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF...

4.3

CVE-2009-3696

  • EPSS 3.39%
  • Published 16.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

7.5

CVE-2009-3697

  • EPSS 2.58%
  • Published 16.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

4.3

CVE-2009-2284

  • EPSS 0.52%
  • Published 01.07.2009 13:00:01
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.

7.5

CVE-2009-1285

Exploit
  • EPSS 1.09%
  • Published 16.04.2009 15:12:57
  • Last modified 09.04.2025 00:30:58

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.