Vendor CVEs
PhpMyAdmin
All CVEs
313 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0992 | 0.03 | — | 0.04 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | |||
| CVE-2005-0543 | 0.03 | — | 0.04 | Feb 24, 2005 | Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in… | |||
| CVE-2010-3055 | 0.01 | — | 0.15 | Aug 24, 2010 | The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. | |||
| CVE-2026-56396 | 0.00 | — | 0.00 | Jun 21, 2026 | phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights… | |||
| CVE-2026-49205 | 0.00 | — | 0.00 | Jun 18, 2026 | phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this->userHasPermission(PermissionType::BACKUP). The same fix was not applied to 4… | |||
| CVE-2019-25454 | 0.00 | — | 0.00 | Feb 20, 2026 | phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter… | |||
| CVE-2019-25453 | 0.00 | — | 0.00 | Feb 20, 2026 | phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute… | |||
| CVE-2019-25451 | 0.00 | — | 0.00 | Feb 20, 2026 | phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action,… | |||
| CVE-2020-37116 | 0.00 | — | 0.00 | Feb 3, 2026 | GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database… | |||
| CVE-2025-63948 | 0.00 | — | 0.00 | Dec 18, 2025 | A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation. | |||
| CVE-2025-63947 | 0.00 | — | 0.00 | Dec 18, 2025 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated. | |||
| CVE-2023-25727 | 0.00 | — | 0.01 | Feb 13, 2023 | In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | |||
| CVE-2020-22452 | 0.00 | — | 0.02 | Jan 26, 2023 | SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. | |||
| CVE-2022-0813 | 0.00 | — | 0.01 | Mar 9, 2022 | PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | |||
| CVE-2022-23807 | 0.00 | — | 0.01 | Jan 22, 2022 | An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | |||
| CVE-2022-23808 | 0.00 | — | 0.08 | Jan 22, 2022 | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | |||
| CVE-2020-22278 | 0.00 | — | 0.02 | Nov 4, 2020 | phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents. | |||
| CVE-2020-11441 | 0.00 | — | 0.02 | Mar 31, 2020 | phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable. | |||
| CVE-2019-6798 | 0.00 | — | 0.04 | Jan 26, 2019 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | |||
| CVE-2015-7873 | 0.00 | — | 0.03 | Oct 28, 2015 | The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | |||
| CVE-2015-6830 | 0.00 | — | 0.10 | Sep 14, 2015 | libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single… | |||
| CVE-2015-3903 | 0.00 | — | 0.02 | May 26, 2015 | libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2015-3902 | 0.00 | — | 0.01 | May 26, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2015-2206 | 0.00 | — | 0.03 | Mar 9, 2015 | libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for… | |||
| CVE-2011-3592 | 0.00 | — | 0.01 | Dec 26, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not… | |||
| CVE-2011-3591 | 0.00 | — | 0.01 | Dec 26, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations,… | |||
| CVE-2014-9219 | 0.00 | — | 0.01 | Dec 8, 2014 | Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2014-9218 | 0.00 | — | 0.11 | Dec 8, 2014 | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. | |||
| CVE-2014-8961 | 0.00 | — | 0.02 | Nov 30, 2014 | Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted… | |||
| CVE-2014-8960 | 0.00 | — | 0.02 | Nov 30, 2014 | Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | |||
| CVE-2014-8959 | 0.00 | — | 0.03 | Nov 30, 2014 | Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted… | |||
| CVE-2014-8958 | 0.00 | — | 0.02 | Nov 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is… | |||
| CVE-2014-6300 | 0.00 | — | 0.02 | Nov 8, 2014 | Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery… | |||
| CVE-2014-8326 | 0.00 | — | 0.02 | Nov 5, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the… | |||
| CVE-2014-7217 | 0.00 | — | 0.02 | Oct 3, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering… | |||
| CVE-2014-5274 | 0.00 | — | 0.01 | Aug 22, 2014 | Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. | |||
| CVE-2014-5273 | 0.00 | — | 0.02 | Aug 22, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor… | |||
| CVE-2014-4987 | 0.00 | — | 0.01 | Jul 20, 2014 | server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. | |||
| CVE-2014-4986 | 0.00 | — | 0.02 | Jul 20, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that… | |||
| CVE-2014-4955 | 0.00 | — | 0.01 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a… | |||
| CVE-2014-4954 | 0.00 | — | 0.01 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled… | |||
| CVE-2014-4349 | 0.00 | — | 0.02 | Jun 25, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. | |||
| CVE-2014-4348 | 0.00 | — | 0.02 | Jun 25, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or… | |||
| CVE-2014-1879 | 0.00 | — | 0.01 | Feb 20, 2014 | Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. | |||
| CVE-2014-0814 | 0.00 | — | 0.02 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-0813 | 0.00 | — | 0.01 | Feb 14, 2014 | Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | |||
| CVE-2013-5029 | 0.00 | — | 0.02 | Aug 19, 2013 | phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. | |||
| CVE-2013-5003 | 0.00 | — | 0.02 | Jul 31, 2013 | Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. | |||
| CVE-2013-5002 | 0.00 | — | 0.01 | Jul 31, 2013 | Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. | |||
| CVE-2013-5001 | 0.00 | — | 0.01 | Jul 31, 2013 | Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a… |
- CVE-2005-0992May 2, 2005risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
- CVE-2005-0543Feb 24, 2005risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in…
- CVE-2010-3055Aug 24, 2010risk 0.01cvss —epss 0.15
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
- CVE-2026-56396Jun 21, 2026risk 0.00cvss —epss 0.00
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights…
- CVE-2026-49205Jun 18, 2026risk 0.00cvss —epss 0.00
phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this->userHasPermission(PermissionType::BACKUP). The same fix was not applied to 4…
- CVE-2019-25454Feb 20, 2026risk 0.00cvss —epss 0.00
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter…
- CVE-2019-25453Feb 20, 2026risk 0.00cvss —epss 0.00
phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute…
- CVE-2019-25451Feb 20, 2026risk 0.00cvss —epss 0.00
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action,…
- CVE-2020-37116Feb 3, 2026risk 0.00cvss —epss 0.00
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database…
- CVE-2025-63948Dec 18, 2025risk 0.00cvss —epss 0.00
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation.
- CVE-2025-63947Dec 18, 2025risk 0.00cvss —epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated.
- CVE-2023-25727Feb 13, 2023risk 0.00cvss —epss 0.01
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
- CVE-2020-22452Jan 26, 2023risk 0.00cvss —epss 0.02
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
- CVE-2022-0813Mar 9, 2022risk 0.00cvss —epss 0.01
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
- CVE-2022-23807Jan 22, 2022risk 0.00cvss —epss 0.01
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
- CVE-2022-23808Jan 22, 2022risk 0.00cvss —epss 0.08
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
- CVE-2020-22278Nov 4, 2020risk 0.00cvss —epss 0.02
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
- CVE-2020-11441Mar 31, 2020risk 0.00cvss —epss 0.02
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
- CVE-2019-6798Jan 26, 2019risk 0.00cvss —epss 0.04
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
- CVE-2015-7873Oct 28, 2015risk 0.00cvss —epss 0.03
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
- CVE-2015-6830Sep 14, 2015risk 0.00cvss —epss 0.10
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single…
- CVE-2015-3903May 26, 2015risk 0.00cvss —epss 0.02
libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain…
- CVE-2015-3902May 26, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that…
- CVE-2015-2206Mar 9, 2015risk 0.00cvss —epss 0.03
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for…
- CVE-2011-3592Dec 26, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not…
- CVE-2011-3591Dec 26, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations,…
- CVE-2014-9219Dec 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
- CVE-2014-9218Dec 8, 2014risk 0.00cvss —epss 0.11
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
- CVE-2014-8961Nov 30, 2014risk 0.00cvss —epss 0.02
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted…
- CVE-2014-8960Nov 30, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
- CVE-2014-8959Nov 30, 2014risk 0.00cvss —epss 0.03
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted…
- CVE-2014-8958Nov 30, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is…
- CVE-2014-6300Nov 8, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery…
- CVE-2014-8326Nov 5, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the…
- CVE-2014-7217Oct 3, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering…
- CVE-2014-5274Aug 22, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.
- CVE-2014-5273Aug 22, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor…
- CVE-2014-4987Jul 20, 2014risk 0.00cvss —epss 0.01
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.
- CVE-2014-4986Jul 20, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that…
- CVE-2014-4955Jul 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a…
- CVE-2014-4954Jul 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled…
- CVE-2014-4349Jun 25, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.
- CVE-2014-4348Jun 25, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or…
- CVE-2014-1879Feb 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
- CVE-2014-0814Feb 14, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-0813Feb 14, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
- CVE-2013-5029Aug 19, 2013risk 0.00cvss —epss 0.02
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
- CVE-2013-5003Jul 31, 2013risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.
- CVE-2013-5002Jul 31, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
- CVE-2013-5001Jul 31, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a…
Page 4 of 7