Phpmyadmin CVEs and Security Vulnerabilities

Filtered by vendor Phpmyadmin Subscriptions

Search

Switch to Advanced Search (Beta)

Total 272 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2008-7251	1 Phpmyadmin	1 Phpmyadmin	2025-04-11	N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
CVE-2008-7252	1 Phpmyadmin	1 Phpmyadmin	2025-04-11	N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
CVE-2013-3742	1 Phpmyadmin	1 Phpmyadmin	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
CVE-2013-4999	1 Phpmyadmin	1 Phpmyadmin	2025-04-11	N/A
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.
CVE-2013-5001	1 Phpmyadmin	1 Phpmyadmin	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.
CVE-2013-5002	1 Phpmyadmin	1 Phpmyadmin	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
CVE-2013-5029	2 Opensuse, Phpmyadmin	2 Opensuse, Phpmyadmin	2025-04-11	N/A
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVE-2008-2960	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
CVE-2007-5976	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
CVE-2007-2245	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
CVE-2007-0203	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
CVE-2007-0341	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
CVE-2006-6942	2 Debian, Phpmyadmin	2 Debian Linux, Phpmyadmin	2025-04-09	N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2007-5386	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2007-5977	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
CVE-2007-6100	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
CVE-2007-0095	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
CVE-2006-6944	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
CVE-2009-1149	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
CVE-2007-2016	1 Phpmyadmin	1 Phpmyadmin	2025-04-09	N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.

« first previous Page 9 of 14. next last »