Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phpmyadmin Subscribe
Filtered by product Phpmyadmin
Total 270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1325 1 Phpmyadmin 1 Phpmyadmin 2011-03-07 7.1 HIGH N/A
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
CVE-2007-0203 1 Phpmyadmin 1 Phpmyadmin 2011-03-07 10.0 HIGH N/A
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
CVE-2006-6944 1 Phpmyadmin 1 Phpmyadmin 2011-03-07 7.5 HIGH N/A
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
CVE-2005-3301 1 Phpmyadmin 1 Phpmyadmin 2011-03-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
CVE-2005-1392 1 Phpmyadmin 1 Phpmyadmin 2011-03-07 4.6 MEDIUM N/A
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
CVE-2010-3055 1 Phpmyadmin 1 Phpmyadmin 2011-01-27 7.5 HIGH N/A
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
CVE-2010-4480 1 Phpmyadmin 1 Phpmyadmin 2011-01-27 4.3 MEDIUM N/A
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
CVE-2008-7252 1 Phpmyadmin 1 Phpmyadmin 2011-01-27 10.0 HIGH N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
CVE-2010-4481 1 Phpmyadmin 1 Phpmyadmin 2011-01-27 5.0 MEDIUM N/A
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2010-4329 1 Phpmyadmin 1 Phpmyadmin 2011-01-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.
CVE-2010-3056 1 Phpmyadmin 1 Phpmyadmin 2011-01-27 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
CVE-2010-2958 1 Phpmyadmin 1 Phpmyadmin 2010-09-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
CVE-2009-4605 1 Phpmyadmin 1 Phpmyadmin 2010-05-05 5.0 MEDIUM N/A
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
CVE-2008-7251 1 Phpmyadmin 1 Phpmyadmin 2010-05-05 10.0 HIGH N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
CVE-2009-2284 1 Phpmyadmin 1 Phpmyadmin 2009-08-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVE-2009-1150 1 Phpmyadmin 1 Phpmyadmin 2009-07-14 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
CVE-2009-1285 1 Phpmyadmin 1 Phpmyadmin 2009-04-27 7.5 HIGH N/A
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
CVE-2009-1149 1 Phpmyadmin 1 Phpmyadmin 2009-04-15 7.5 HIGH N/A
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
CVE-2009-1148 1 Phpmyadmin 1 Phpmyadmin 2009-04-15 5.0 MEDIUM N/A
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
CVE-2001-1060 1 Phpmyadmin 1 Phpmyadmin 2009-04-02 7.5 HIGH N/A
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.