Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phpmyadmin Subscribe
Total 270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1927 1 Phpmyadmin 1 Phpmyadmin 2016-11-28 5.0 MEDIUM 7.5 HIGH
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
CVE-2006-6943 1 Phpmyadmin 1 Phpmyadmin 2016-11-18 5.0 MEDIUM N/A
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.
CVE-2005-3622 1 Phpmyadmin 1 Phpmyadmin 2016-10-17 5.0 MEDIUM N/A
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
CVE-2016-2044 2 Fedoraproject, Phpmyadmin 2 Fedora, Phpmyadmin 2016-08-17 5.0 MEDIUM 5.3 MEDIUM
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-2045 2 Fedoraproject, Phpmyadmin 2 Fedora, Phpmyadmin 2016-08-02 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVE-2014-7217 1 Phpmyadmin 1 Phpmyadmin 2016-04-04 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.
CVE-2014-4955 1 Phpmyadmin 1 Phpmyadmin 2015-09-03 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.
CVE-2014-4954 1 Phpmyadmin 1 Phpmyadmin 2015-09-03 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.
CVE-2014-4349 1 Phpmyadmin 1 Phpmyadmin 2015-09-02 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.
CVE-2014-4348 1 Phpmyadmin 1 Phpmyadmin 2015-09-02 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.
CVE-2014-1879 1 Phpmyadmin 1 Phpmyadmin 2015-08-05 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
CVE-2011-3592 1 Phpmyadmin 1 Phpmyadmin 2014-12-29 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.
CVE-2011-3591 1 Phpmyadmin 1 Phpmyadmin 2014-12-29 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.
CVE-2014-5273 1 Phpmyadmin 1 Phpmyadmin 2014-10-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.
CVE-2013-3238 1 Phpmyadmin 1 Phpmyadmin 2013-11-18 6.0 MEDIUM N/A
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
CVE-2013-3240 1 Phpmyadmin 1 Phpmyadmin 2013-11-18 6.5 MEDIUM N/A
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
CVE-2013-3241 1 Phpmyadmin 1 Phpmyadmin 2013-11-18 4.0 MEDIUM N/A
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
CVE-2013-3239 1 Phpmyadmin 1 Phpmyadmin 2013-11-18 4.6 MEDIUM N/A
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
CVE-2013-3742 1 Phpmyadmin 1 Phpmyadmin 2013-09-06 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
CVE-2013-5001 1 Phpmyadmin 1 Phpmyadmin 2013-07-31 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.