Phpmyadmin: >> Phpmyadmin >> 2.5.7_pl1 Security Vulnerabilities
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-05-02
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
CVSS Score
4.3
EPSS Score
0.102
Published
2005-05-02
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
CVSS Score
6.8
EPSS Score
0.012
Published
2005-03-01
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
CVSS Score
10.0
EPSS Score
0.046
Published
2005-01-10
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-01-10
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVSS Score
7.5
EPSS Score
0.021
Published
2004-12-31
Page 2