Phpmyadmin: >> Phpmyadmin >> 2.4.0 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
CVSS Score
4.3
EPSS Score
0.011
Published
2005-12-08
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVSS Score
4.3
EPSS Score
0.125
Published
2005-09-08
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-05-02
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
CVSS Score
4.3
EPSS Score
0.102
Published
2005-05-02
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
CVSS Score
10.0
EPSS Score
0.046
Published
2005-01-10
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-01-10
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
CVSS Score
5.0
EPSS Score
0.117
Published
2004-03-03
Page 5