Phpmyadmin

Phpmyadmin

272 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2007-0204

  • EPSS 1.28%
  • Published 11.01.2007 11:28:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

5

CVE-2007-0095

Exploit
  • EPSS 0.58%
  • Published 05.01.2007 18:28:00
  • Last modified 09.04.2025 00:30:58

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

5

CVE-2006-6373

  • EPSS 0.38%
  • Published 07.12.2006 17:28:00
  • Last modified 09.04.2025 00:30:58

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

7.5

CVE-2006-6374

  • EPSS 0.69%
  • Published 07.12.2006 17:28:00
  • Last modified 09.04.2025 00:30:58

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create...

4.3

CVE-2006-5718

  • EPSS 0.86%
  • Published 04.11.2006 01:07:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrat...

5.1

CVE-2006-5116

  • EPSS 3%
  • Published 03.10.2006 04:03:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) uns...

5

CVE-2006-5117

  • EPSS 0.45%
  • Published 03.10.2006 04:03:00
  • Last modified 09.04.2025 00:30:58

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

5.8

CVE-2006-3388

  • EPSS 1.03%
  • Published 06.07.2006 20:05:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

4.3

CVE-2006-2417

  • EPSS 0.58%
  • Published 16.05.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

6.8

CVE-2006-2418

  • EPSS 3.68%
  • Published 16.05.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.