VYPR

phpMyAdmin

by PhpMyAdmin

Source repositories

CVEs (257)

  • CVE-2005-3665Dec 8, 2005
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.

  • CVE-2005-4079Dec 8, 2005
    risk 0.00cvss epss 0.02

    The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.

  • CVE-2005-3787Nov 24, 2005
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.

  • CVE-2005-3622Nov 16, 2005
    risk 0.00cvss epss 0.02

    phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.

  • CVE-2005-3621Nov 16, 2005
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

  • CVE-2005-3300Oct 23, 2005
    risk 0.00cvss epss 0.03

    The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do…

  • CVE-2005-1392May 3, 2005
    risk 0.00cvss epss 0.00

    The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

  • CVE-2005-0459May 2, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.

  • CVE-2005-0653May 2, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.

  • CVE-2005-0567May 2, 2005
    risk 0.00cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a…

  • CVE-2005-0544May 2, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7)…

  • CVE-2004-1055Mar 1, 2005
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message…

  • CVE-2004-1148Jan 10, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

  • CVE-2004-2632Dec 31, 2004
    risk 0.00cvss epss 0.04

    phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

  • CVE-2004-2630Dec 31, 2004
    risk 0.00cvss epss 0.03

    The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

  • CVE-2001-1060Jul 31, 2001
    risk 0.00cvss epss 0.03

    phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

  • CVE-2001-0478Jun 27, 2001
    risk 0.00cvss epss 0.05

    Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

Page 13 of 13