Phpmyadmin CVE - OpenCVE

Filtered by vendor Phpmyadmin Subscriptions

Total 272 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2009-3696	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
CVE-2008-4326	2 Microsoft, Phpmyadmin	2 Internet Explorer, Phpmyadmin	2025-04-09	N/A
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
CVE-2007-2016	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
CVE-2007-5976	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
CVE-2007-5977	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
CVE-2009-1150	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
CVE-2007-1395	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
CVE-2009-1148	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
CVE-2008-3457	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
CVE-2006-1678	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
CVE-2005-1392	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
CVE-2005-4349	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	6.3 Medium
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
CVE-2005-4079	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
CVE-2005-3299	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
CVE-2006-2418	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
CVE-2006-2417	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.
CVE-2005-0653	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
CVE-2005-2869	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2005-3300	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
CVE-2005-3301	1 Phpmyadmin	1 Phpmyadmin	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.

« first previous Page 11 of 14. next last »