Shodan
Vulnerabilities
Vulnerable Software
Phpmyadmin:  >> Phpmyadmin  >> 3.4.3.2  Security Vulnerabilities
CVE-2011-4634
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.
CVSS Score
4.3
EPSS Score
0.004
Published
2011-12-22
CVE-2011-4780
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-12-22
CVE-2011-3646
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.006
Published
2011-11-17
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
CVSS Score
6.5
EPSS Score
0.122
Published
2011-11-17
CVE-2011-4064
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-11-01
CVE-2011-3181
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
CVSS Score
4.3
EPSS Score
0.006
Published
2011-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved