Search Results
- Keyword (text search): phpmyadmin
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-3240 | Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. Published: April 25, 2013; 11:34:23 PM -0400 | V3.x: (not available) V2.0: 6.5 MEDIUM |
CVE-2013-3239 | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. Published: April 25, 2013; 11:34:23 PM -0400 | V3.x: (not available) V2.0: 4.6 MEDIUM |
CVE-2013-3238 | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. Published: April 25, 2013; 11:34:23 PM -0400 | V3.x: (not available) V2.0: 6.0 MEDIUM |
CVE-2013-1937 | Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." Published: April 16, 2013; 10:04:31 AM -0400 | V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-5469 | The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. Published: December 20, 2012; 7:02:18 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2012-5368 | phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. Published: October 25, 2012; 6:51:29 AM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2012-5339 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. Published: October 25, 2012; 6:51:28 AM -0400 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2012-5159 | phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. Published: September 25, 2012; 6:55:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2012-4579 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. Published: August 21, 2012; 7:55:01 PM -0400 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2012-4345 | Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. Published: August 21, 2012; 7:55:01 PM -0400 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2012-4219 | show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. Published: August 21, 2012; 3:55:00 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2012-1190 | Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. Published: May 03, 2012; 12:08:25 AM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2012-1902 | show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. Published: April 06, 2012; 3:55:01 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-1941 | Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: January 26, 2012; 10:55:01 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-1940 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. Published: January 26, 2012; 10:55:01 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-4782 | Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Published: December 22, 2011; 3:55:01 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-4780 | Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. Published: December 22, 2011; 3:55:00 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-4634 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog. Published: December 22, 2011; 3:55:00 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-4107 | The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. Published: November 17, 2011; 2:55:01 PM -0500 | V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-3646 | phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. Published: November 17, 2011; 2:55:01 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |