Phpmyadmin CVEs and Security Vulnerabilities

Filtered by vendor Phpmyadmin Subscriptions

Filtered by product Phpmyadmin Subscriptions

Search

Switch to Advanced Search (Beta)

Total 272 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2008-1149	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVE-2006-5117	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
CVE-2007-0095	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
CVE-2009-1148	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
CVE-2006-6944	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
CVE-2007-2016	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
CVE-2008-3457	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
CVE-2008-3197	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
CVE-2008-2960	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
CVE-2007-0341	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
CVE-2008-1924	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.
CVE-2007-1395	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
CVE-2007-1325	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
CVE-2007-0203	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
CVE-2007-6100	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
CVE-2008-4096	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
CVE-2007-5976	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
CVE-2008-4326	2 Microsoft, Phpmyadmin	2 Internet Explorer, Phpmyadmin	2025-04-09	N/A
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
CVE-2007-0204	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-2245	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

« first previous Page 10 of 14. next last »