Search Results (272 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3456 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
CVE-2009-1148 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
CVE-2009-1149 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
CVE-2009-1151 2 Debian, Phpmyadmin 2 Debian Linux, Phpmyadmin 2026-04-22 9.8 Critical
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVE-2006-2418 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
CVE-2006-2417 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.
CVE-2006-1258 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2005-3622 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
CVE-2006-3388 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
CVE-2001-0478 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
CVE-2005-4450 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.
CVE-2006-1804 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
CVE-2006-1803 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
CVE-2005-1392 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
CVE-2005-2869 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2006-1678 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
CVE-2004-1147 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2005-3299 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
CVE-2004-1148 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
CVE-2005-0543 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.