Phpmyadmin : Security Vulnerabilities, CVEs, Published In November 2007
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
Max CVSS
2.6
EPSS Score
0.30%
Published
2007-11-23
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
Max CVSS
3.5
EPSS Score
0.42%
Published
2007-11-15
Updated
2017-07-29
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
Max CVSS
6.5
EPSS Score
0.26%
Published
2007-11-15
Updated
2017-07-29
3 vulnerabilities found