Phppgadmin: >> Phppgadmin >> 4.1.1 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
CVSS Score
4.3
EPSS Score
0.007
Published
2011-10-08
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
CVSS Score
4.3
EPSS Score
0.02
Published
2008-12-16
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-10-30
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
CVSS Score
9.3
EPSS Score
0.037
Published
2007-05-25