CVE-2008-3457
- EPSS 1.8%
- Veröffentlicht 04.08.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:52
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios i...
CVE-2008-3197
- EPSS 0.98%
- Veröffentlicht 16.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:20
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) th...
CVE-2008-2960
- EPSS 1.6%
- Veröffentlicht 02.07.2008 17:14:00
- Zuletzt bearbeitet 16.06.2026 22:54:49
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libr...
CVE-2008-1924
- EPSS 1.63%
- Veröffentlicht 23.04.2008 16:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:45
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir v...
CVE-2008-1567
- EPSS 0.3%
- Veröffentlicht 31.03.2008 22:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:59
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
CVE-2008-1149
- EPSS 0.91%
- Veröffentlicht 04.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:05
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by usin...
CVE-2007-6100
- EPSS 1.31%
- Veröffentlicht 23.11.2007 20:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:24
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset ...
CVE-2007-5976
- EPSS 1.31%
- Veröffentlicht 15.11.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:11
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
CVE-2007-5977
- EPSS 1.25%
- Veröffentlicht 15.11.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:11
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a PO...
CVE-2007-5589
- EPSS 3.33%
- Veröffentlicht 19.10.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:46:27
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) di...