VYPR

phpMyAdmin

by PhpMyAdmin

Source repositories

CVEs (257)

  • CVE-2013-3241Apr 26, 2013
    risk 0.03cvss epss 0.04

    export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

  • CVE-2013-3240Apr 26, 2013
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

  • CVE-2010-4480Dec 8, 2010
    risk 0.03cvss epss 0.06

    error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

  • CVE-2008-5621Dec 17, 2008
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other…

  • CVE-2008-4775Oct 28, 2008
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than…

  • CVE-2007-5589Oct 19, 2007
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c)…

  • CVE-2007-5386Oct 12, 2007
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2006-6943Jan 19, 2007
    risk 0.03cvss epss 0.04

    PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array…

  • CVE-2006-6942Jan 19, 2007
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the…

  • CVE-2006-1803Apr 18, 2006
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

  • CVE-2006-1258Mar 19, 2006
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.

  • CVE-2005-3301Oct 24, 2005
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.

  • CVE-2005-2869Sep 8, 2005
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.

  • CVE-2005-0992May 2, 2005
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

  • CVE-2005-0543Feb 24, 2005
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in…

  • CVE-2010-3055Aug 24, 2010
    risk 0.01cvss epss 0.15

    The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

  • CVE-2019-25454Feb 20, 2026
    risk 0.00cvss epss 0.00

    phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter…

  • CVE-2019-25453Feb 20, 2026
    risk 0.00cvss epss 0.00

    phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute…

  • CVE-2019-25451Feb 20, 2026
    risk 0.00cvss epss 0.00

    phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action,…

  • CVE-2020-37116Feb 3, 2026
    risk 0.00cvss epss 0.00

    GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database…

Page 6 of 13