Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | |||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 7.5 HIGH | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2005-3300 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | |||||
| CVE-2005-0992 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | |||||
| CVE-2005-0567 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0543 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | |||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | |||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 10.0 HIGH | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-1055 | 2 Gentoo, Phpmyadmin | 2 Linux, Phpmyadmin | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. | |||||
| CVE-2016-9866 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9864 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9863 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2016-9861 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9860 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9859 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9858 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9857 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9856 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9855 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. | |||||