Filtered by vendor Phpmyadmin
Subscribe
Total
270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8960 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | |||||
CVE-2015-2206 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | N/A |
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | |||||
CVE-2013-4995 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. | |||||
CVE-2013-3238 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.0 MEDIUM | N/A |
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | |||||
CVE-2012-4345 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. | |||||
CVE-2012-5339 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | |||||
CVE-2013-5000 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | N/A |
phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | |||||
CVE-2013-3239 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 4.6 MEDIUM | N/A |
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. | |||||
CVE-2012-4219 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | N/A |
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. | |||||
CVE-2013-5003 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. | |||||
CVE-2012-1902 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 4.3 MEDIUM | N/A |
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. | |||||
CVE-2013-3742 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. | |||||
CVE-2013-4998 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | N/A |
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | |||||
CVE-2013-3241 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 4.0 MEDIUM | N/A |
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. | |||||
CVE-2013-5002 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. | |||||
CVE-2012-4579 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | |||||
CVE-2013-5001 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. | |||||
CVE-2012-5368 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 4.3 MEDIUM | N/A |
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | |||||
CVE-2013-3240 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.5 MEDIUM | N/A |
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. | |||||
CVE-2012-1190 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. |