VYPR
Vendor: Phppgadmin

Products: 1
CVEs: 13
Across products: 13
Status: Private

Recent CVEs: 13
  • CVE-2008-5587 Dec 16, 2008
    risk 0.04 cvss epss 0.13

    Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

  • CVE-2007-5728 Oct 30, 2007
    risk 0.04 cvss epss 0.15

    Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than…

  • CVE-2007-2865 May 25, 2007
    risk 0.03 cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

  • CVE-2005-2256 Jul 13, 2005
    risk 0.03 cvss epss 0.05

    Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

  • CVE-2025-60799 Nov 20, 2025
    risk 0.00 cvss epss 0.00

    phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper…

  • CVE-2025-60796 Nov 20, 2025
    risk 0.00 cvss epss 0.00

    phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php,…

  • CVE-2025-60798 Nov 20, 2025
    risk 0.00 cvss epss 0.00

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this…

  • CVE-2025-60797 Nov 20, 2025
    risk 0.00 cvss epss 0.00

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via…

  • CVE-2023-40619 Sep 20, 2023
    risk 0.00 cvss epss 0.01

    phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in…

  • CVE-2019-10784 Feb 4, 2020
    risk 0.00 cvss epss 0.04

    phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in…

  • CVE-2012-1600 May 14, 2014
    risk 0.00 cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.

  • CVE-2011-3598 Oct 8, 2011
    risk 0.00 cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

  • CVE-2001-0479 Jun 27, 2001
    risk 0.00 cvss epss 0.06

    Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.