Phpmyadmin: >> Phpmyadmin >> 2.5.2_pl1 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-07-01
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
CVSS Score
4.3
EPSS Score
0.013
Published
2008-09-30
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
CVSS Score
3.5
EPSS Score
0.006
Published
2008-07-16
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-11-24
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-11-16
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-11-16
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVSS Score
7.5
EPSS Score
0.021
Published
2004-12-31
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
CVSS Score
7.5
EPSS Score
0.142
Published
2004-12-31
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
CVSS Score
7.5
EPSS Score
0.03
Published
2004-12-31