VYPR

Vendor CVEs

PhpMyAdmin

All CVEs

313 total · sorted by risk
  • CVE-2005-0567May 2, 2005
    risk 0.00cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a…

  • CVE-2005-0653May 2, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.

  • CVE-2005-0544May 2, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7)…

  • CVE-2005-0459May 2, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.

  • CVE-2005-0702Mar 7, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.

  • CVE-2004-1055Mar 1, 2005
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message…

  • CVE-2004-1148Jan 10, 2005
    risk 0.00cvss epss 0.01

    phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

  • CVE-2004-2632Dec 31, 2004
    risk 0.00cvss epss 0.04

    phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

  • CVE-2004-2255Dec 31, 2004
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

  • CVE-2004-2256Dec 31, 2004
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.

  • CVE-2004-2630Dec 31, 2004
    risk 0.00cvss epss 0.03

    The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

  • CVE-2001-1060Jul 31, 2001
    risk 0.00cvss epss 0.03

    phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

  • CVE-2001-0478Jun 27, 2001
    risk 0.00cvss epss 0.05

    Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

Page 7 of 7