Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
Max CVSS
7.5
EPSS Score
1.61%
Published
2001-06-27
Updated
2008-09-05
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
Max CVSS
7.5
EPSS Score
0.99%
Published
2001-07-31
Updated
2009-04-03
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
Max CVSS
5.0
EPSS Score
1.38%
Published
2004-03-03
Updated
2017-10-10
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
Max CVSS
6.8
EPSS Score
0.92%
Published
2005-03-01
Updated
2017-07-11
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
Max CVSS
10.0
EPSS Score
1.78%
Published
2005-01-10
Updated
2017-07-11
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
Max CVSS
5.0
EPSS Score
0.54%
Published
2005-01-10
Updated
2017-07-11
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
Max CVSS
7.5
EPSS Score
2.15%
Published
2004-12-31
Updated
2017-07-20
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
Max CVSS
7.5
EPSS Score
5.54%
Published
2004-12-31
Updated
2017-07-20
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
Max CVSS
7.5
EPSS Score
2.79%
Published
2004-12-31
Updated
2017-07-20
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
Max CVSS
5.0
EPSS Score
0.30%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
Max CVSS
4.3
EPSS Score
0.52%
Published
2005-02-24
Updated
2017-07-11
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
Max CVSS
5.0
EPSS Score
0.41%
Published
2005-05-02
Updated
2008-09-05
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
Max CVSS
7.5
EPSS Score
2.15%
Published
2005-05-02
Updated
2017-07-11
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
Max CVSS
4.6
EPSS Score
0.16%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
Max CVSS
4.3
EPSS Score
0.59%
Published
2005-05-02
Updated
2017-07-11
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-03
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
Max CVSS
4.3
EPSS Score
32.78%
Published
2005-09-08
Updated
2008-09-05
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
Max CVSS
5.0
EPSS Score
2.33%
Published
2005-10-23
Updated
2008-09-05
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
Max CVSS
5.0
EPSS Score
2.26%
Published
2005-10-23
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
Max CVSS
4.3
EPSS Score
0.79%
Published
2005-10-24
Updated
2011-03-08
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
Max CVSS
5.0
EPSS Score
1.53%
Published
2005-11-16
Updated
2008-09-05
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
Max CVSS
5.0
EPSS Score
1.16%
Published
2005-11-16
Updated
2016-10-18
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
Max CVSS
4.3
EPSS Score
1.53%
Published
2005-12-08
Updated
2018-10-19
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
Max CVSS
4.3
EPSS Score
0.48%
Published
2005-11-24
Updated
2018-10-19
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
Max CVSS
5.0
EPSS Score
2.22%
Published
2005-12-08
Updated
2018-10-19
270 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!