Filtered by vendor Phpmyadmin
Subscriptions
Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1940 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. | ||||
| CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2011-2506 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. | ||||
| CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. | ||||
| CVE-2011-2642 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. | ||||
| CVE-2011-2643 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. | ||||
| CVE-2011-2719 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. | ||||
| CVE-2011-3181 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. | ||||
| CVE-2011-3646 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. | ||||
| CVE-2011-4064 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. | ||||
| CVE-2011-4780 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. | ||||
| CVE-2011-4782 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | ||||
| CVE-2012-1190 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. | ||||
| CVE-2012-1902 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. | ||||
| CVE-2012-4219 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. | ||||
| CVE-2012-4579 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | ||||
| CVE-2012-5159 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | ||||
| CVE-2012-5339 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | ||||
| CVE-2012-5368 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | ||||
| CVE-2013-3240 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. | ||||