threatengine.sh
phpmyadmin
271 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-25727
< 4.9.11
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through t
5.4
MEDIUM
CVE-2020-22452
>= 5.0.0 and < 5.2.0
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_sto
9.8
CRITICAL
CVE-2022-0813
<= 5.1.1
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This af
5.3
MEDIUM
CVE-2022-23808
>= 5.1.0 and < 5.1.2
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, wh
6.1
MEDIUM
CVE-2022-23807
>= 4.9.0 and < 4.9.8
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdm
4.3
MEDIUM
CVE-2020-22278
<= 5.0.2
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurate
8.8
HIGH
CVE-2020-26935
>= 4.9.0 and < 4.9.6
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was dis
9.8
CRITICAL
CVE-2020-26934
>= 4.9.0 and < 4.9.6
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
6.1
MEDIUM
CVE-2020-11441
all versions
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences t
6.1
MEDIUM
CVE-2020-10803
>= 4.0.0 and < 4.9.5
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be us
5.4
MEDIUM
CVE-2020-10802
>= 4.0.0 and < 4.9.5
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters ar
8.0
HIGH
CVE-2020-10804
>= 4.0.0 and < 4.9.5
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username
8.0
HIGH
CVE-2020-5504
>= 4.0.0 and < 4.9.4
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject cus
8.8
HIGH
CVE-2019-19617
< 4.9.2
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and librarie
9.8
CRITICAL
CVE-2019-18622
< 4.9.2
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack th
9.8
CRITICAL
CVE-2019-12922
<= 4.9.0.1
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
6.5
MEDIUM
CVE-2019-12616
< 4.9.0
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack aga
6.5
MEDIUM
CVE-2019-11768
< 4.9.0.1
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be
9.8
CRITICAL
CVE-2019-6799
>= 4.0.0 and <= 4.8.4
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the u
5.9
MEDIUM
CVE-2019-6798
>= 4.5.0 and <= 4.8.4
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to
9.8
CRITICAL
CVE-2018-19970
>= 4.0.0 and < 4.8.4
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a us
6.1
MEDIUM
CVE-2018-19969
>= 4.7.0 and <= 4.7.6
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a
8.8
HIGH
CVE-2018-19968
>= 4.0.0 and < 4.8.4
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation fea
6.5
MEDIUM
CVE-2018-15605
< 4.8.3
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use
6.1
MEDIUM
CVE-2018-12613
>= 4.8.0 and < 4.8.2
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on
8.8
HIGH
CVE-2018-12581
< 4.8.2
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found whe
6.1
MEDIUM
CVE-2017-18264
>= 4.0.0 and < 4.0.10.20
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The r
9.8
CRITICAL
CVE-2018-10188
all versions
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js
8.8
HIGH
CVE-2018-7260
< 4.7.8
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to
5.4
MEDIUM
CVE-2017-1000499
>= 4.7.0 and < 4.7.7
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted UR
8.8
HIGH
CVE-2017-1000018
>= 4.0.0 and < 4.0.10.19
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name
7.5
HIGH
CVE-2017-1000017
>= 4.0.0 and < 4.0.10.19
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitr
8.8
HIGH
CVE-2017-1000016
all versions
A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomp
7.5
HIGH
CVE-2017-1000015
all versions
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
6.1
MEDIUM
CVE-2017-1000014
all versions
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality
7.5
HIGH
CVE-2017-1000013
all versions
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
6.1
MEDIUM
CVE-2016-6621
<= 4.0.10.18
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduc
8.6
HIGH
CVE-2016-9866
all versions
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not proper
9.8
CRITICAL
CVE-2016-9865
all versions
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered
9.8
CRITICAL
CVE-2016-9864
all versions
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tr
7.5
HIGH
CVE-2016-9863
all versions
An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial
7.5
HIGH
CVE-2016-9862
all versions
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x v
7.5
HIGH
CVE-2016-9861
all versions
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protect
7.5
HIGH
CVE-2016-9860
all versions
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running w
5.9
MEDIUM
CVE-2016-9859
all versions
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attac
5.3
MEDIUM
CVE-2016-9858
all versions
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attac
5.3
MEDIUM
CVE-2016-9857
all versions
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript proce
6.1
MEDIUM
CVE-2016-9856
all versions
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by
6.1
MEDIUM
CVE-2016-9855
all versions
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to
5.3
MEDIUM
CVE-2016-9854
all versions
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to
5.3
MEDIUM
CVE-2016-9853
all versions
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to
5.3
MEDIUM
CVE-2016-9852
all versions
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to
5.3
MEDIUM
CVE-2016-9851
all versions
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6
5.3
MEDIUM
CVE-2016-9850
all versions
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the
5.3
MEDIUM
CVE-2016-9849
all versions
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny
9.8
CRITICAL
CVE-2016-9848
all versions
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x
5.3
MEDIUM
CVE-2016-9847
all versions
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin gen
5.3
MEDIUM
CVE-2016-6633
all versions
An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP instal
8.1
HIGH
CVE-2016-6632
all versions
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import
5.9
MEDIUM
CVE-2016-6631
all versions
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being
7.5
HIGH
CVE-2016-6630
all versions
An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long
6.5
MEDIUM
CVE-2016-6629
all versions
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse
9.8
CRITICAL
CVE-2016-6628
all versions
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG fil
6.3
MEDIUM
CVE-2016-6627
all versions
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x
5.3
MEDIUM
CVE-2016-6626
all versions
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6
5.4
MEDIUM
CVE-2016-6625
all versions
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, us
4.3
MEDIUM
CVE-2016-6624
all versions
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used
5.9
MEDIUM
CVE-2016-6623
all versions
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large
6.5
MEDIUM
CVE-2016-6622
all versions
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing pers
5.9
MEDIUM
CVE-2016-6620
all versions
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid
9.8
CRITICAL
CVE-2016-6619
all versions
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack agains
8.8
HIGH
CVE-2016-6618
all versions
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack agains
6.5
MEDIUM
CVE-2016-6617
all versions
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection atta
8.1
HIGH
CVE-2016-6616
all versions
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack aga
7.5
HIGH
CVE-2016-6615
all versions
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted data
6.1
MEDIUM
CVE-2016-6614
all versions
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. W
6.8
MEDIUM
CVE-2016-6613
all versions
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to re
5.3
MEDIUM
CVE-2016-6612
all versions
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the
6.5
MEDIUM
CVE-2016-6611
all versions
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection atta
8.1
HIGH
CVE-2016-6610
all versions
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechan
4.3
MEDIUM
CVE-2016-6609
all versions
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the a
8.8
HIGH
CVE-2016-6608
all versions
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. S
6.1
MEDIUM
CVE-2016-6607
all versions
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS
6.1
MEDIUM
CVE-2016-6606
all versions
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding ora
8.1
HIGH
CVE-2016-4412
all versions
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authenticati
4.4
MEDIUM
CVE-2016-5099
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inj
6.1
MEDIUM
CVE-2016-5098
all versions
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers
5.3
MEDIUM
CVE-2016-5097
<= 4.6.1
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, wh
5.3
MEDIUM
CVE-2016-5739
all versions
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use
7.5
HIGH
CVE-2016-5734
all versions
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent us
9.8
CRITICAL
CVE-2016-5733
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before
6.1
MEDIUM
CVE-2016-5732
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_par
6.1
MEDIUM
CVE-2016-5731
all versions
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4
6.1
MEDIUM
CVE-2016-5730
all versions
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive infor
5.3
MEDIUM
CVE-2016-5706
all versions
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers
7.5
HIGH
CVE-2016-5705
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attack
6.1
MEDIUM
CVE-2016-5704
all versions
Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to i
6.1
MEDIUM
CVE-2016-5703
all versions
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows
9.8
CRITICAL
CVE-2016-5702
all versions
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute in
3.7
LOW
CVE-2016-5701
all versions
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote
6.1
MEDIUM
CVE-2016-2562
all versions
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from ap
6.8
MEDIUM
CVE-2016-2561
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote auth
5.4
MEDIUM
CVE-2016-2560
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before
6.1
MEDIUM
CVE-2016-2559
all versions
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in p
5.4
MEDIUM
CVE-2016-2045
all versions
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to i
5.4
MEDIUM
CVE-2016-2044
all versions
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive i
5.3
MEDIUM
CVE-2016-2043
all versions
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3
5.4
MEDIUM
CVE-2016-2042
all versions
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted requ
5.3
MEDIUM
CVE-2016-2041
all versions
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a consta
7.5
HIGH
CVE-2016-2040
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before
5.4
MEDIUM
CVE-2016-2039
all versions
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly ge
5.3
MEDIUM
CVE-2016-2038
all versions
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive infor
5.3
MEDIUM
CVE-2016-1927
all versions
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.
7.5
HIGH
CVE-2015-8669
all versions
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows rem
5.3
MEDIUM
CVE-2015-7873
all versions
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof con
CVE-2015-6830
all versions
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote
CVE-2015-3903
all versions
libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.
CVE-2015-3902
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before
CVE-2015-2206
all versions
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes inval
CVE-2011-3592
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.
CVE-2011-3591
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject ar
CVE-2014-9219
all versions
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote a
CVE-2014-9218
all versions
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attac
CVE-2014-8961
all versions
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.
CVE-2014-8960
all versions
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x befo
CVE-2014-8959
all versions
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.
CVE-2014-8958
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4
CVE-2014-6300
all versions
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1
CVE-2014-8326
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4
CVE-2014-7217
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4
CVE-2014-5274
all versions
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1
CVE-2014-5273
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4
CVE-2014-4987
all versions
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass inte
CVE-2014-4986
all versions
Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2,
CVE-2014-4955
all versions
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0
CVE-2014-4954
all versions
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.
CVE-2014-4349
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authen
CVE-2014-4348
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject ar
CVE-2014-1879
<= 4.1.6
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbi
CVE-2013-5029
all versions
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vector
CVE-2013-5003
all versions
Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated user
CVE-2013-5002
all versions
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 a
CVE-2013-5001
all versions
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in
CVE-2013-5000
all versions
phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the
CVE-2013-4999
all versions
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the
CVE-2013-4998
all versions
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid re
CVE-2013-4997
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary
CVE-2013-4996
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attac
CVE-2013-4995
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated u
CVE-2013-4729
all versions
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which a
CVE-2013-3742
all versions
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remot
CVE-2013-3241
all versions
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of
CVE-2013-3240
all versions
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to re
CVE-2013-3239
all versions
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users
CVE-2013-3238
all versions
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 se
CVE-2013-1937
<= 3.5.8
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remo
6.1
MEDIUM
CVE-2012-5469
all versions
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin c
CVE-2012-5368
all versions
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which a
CVE-2012-5339
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject ar
CVE-2012-5159
all versions
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally
CVE-2012-4579
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject
CVE-2012-4345
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x b
CVE-2012-4219
all versions
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct req
CVE-2012-1190
all versions
Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.
CVE-2012-1902
all versions
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to o
CVE-2011-1941
all versions
Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users t
CVE-2011-1940
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attack
CVE-2011-4782
all versions
Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x befor
CVE-2011-4780
all versions
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow rem
CVE-2011-4634
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary we
CVE-2011-4107
>= 3.3.0.0 and < 3.3.10.5
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3
6.5
MEDIUM
CVE-2011-3646
all versions
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_
CVE-2011-4064
all versions
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject
CVE-2011-3181
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3
CVE-2011-2719
all versions
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sess
CVE-2011-2718
all versions
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remo
CVE-2011-2643
all versions
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows rem
CVE-2011-2642
<= 3.3.10.2
Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin befo
CVE-2011-2508
all versions
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, whe
CVE-2011-2507
all versions
libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1
CVE-2011-2506
all versions
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the pres
CVE-2011-2505
all versions
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before
CVE-2011-0987
all versions
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does
CVE-2011-0986
all versions
phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLo
CVE-2010-4481
<= 3.3.9.0
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct reque
CVE-2010-4480
all versions
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (X
CVE-2010-4329
all versions
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search
CVE-2010-3263
all versions
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows r
CVE-2010-2958
all versions
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to in
CVE-2010-3056
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote atta
CVE-2010-3055
all versions
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names
CVE-2009-4605
all versions
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (
CVE-2008-7252
all versions
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown imp
CVE-2008-7251
all versions
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknow
CVE-2009-3697
all versions
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1
CVE-2009-3696
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to in
CVE-2009-2284
<= 3.2.0
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HT
CVE-2009-1285
all versions
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3
CVE-2009-1151
>= 2.11.0 and < 2.11.9.5
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attacke
9.8
CRITICAL
CVE-2009-1150
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9
CVE-2009-1149
<= 3.1.3
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote
CVE-2009-1148
<= 3.1.3
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows re
CVE-2008-5621
all versions
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attacker
CVE-2008-4775
all versions
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.
CVE-2008-4326
<= 2.11.9.1
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allo
CVE-2008-4096
<= 2.11.9
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via
CVE-2008-3457
<= 2.11.7.0
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject
CVE-2008-3456
<= 2.11.7.0
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which mak
CVE-2008-3197
all versions
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized acti
CVE-2008-3032
<= 3.0.1
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attack
CVE-2008-2960
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is di
CVE-2008-1924
<= 2.11.5.1
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREA
CVE-2008-1567
< 2.11.5.1
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Sess
5.5
MEDIUM
CVE-2008-1149
<= 2.11.4
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the s
CVE-2007-6100
<= 2.11.2.1
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are auth
CVE-2007-5977
<= 2.11.2
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CRE
CVE-2007-5976
<= 2.11.2
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE
CVE-2007-5589
<= 2.11.1.1
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web s
CVE-2007-5386
all versions
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-e
CVE-2007-4306
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or
CVE-2007-2245
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web s
CVE-2007-2016
all versions
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web
CVE-2007-1395
all versions
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site sc
CVE-2007-1325
<= 2.10.0.1
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays p
CVE-2006-6944
<= 2.9.1
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
CVE-2006-6943
<= 2.9.1
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php
CVE-2006-6942
<= 2.9.1
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML o
CVE-2007-0341
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remot
CVE-2007-0204
<= 2.9.1.1
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web
CVE-2007-0203
<= 2.9.1.1
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
CVE-2007-0095
all versions
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.
CVE-2006-6374
all versions
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduc
CVE-2006-6373
all versions
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, wh
CVE-2006-5718
all versions
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitr
CVE-2006-5117
all versions
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows r
CVE-2006-5116
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauth
CVE-2006-3388
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML
CVE-2006-2418
all versions
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbit
CVE-2006-2417
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web scri
CVE-2006-2031
all versions
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attac
CVE-2006-1804
all versions
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the s
CVE-2006-1803
<= 2.8.0.3
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script
CVE-2006-1678
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web sc
CVE-2006-1258
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via
CVE-2005-4450
all versions
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a l
CVE-2005-4349
all versions
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQ
6.3
MEDIUM
CVE-2005-3665
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web scri
CVE-2005-4079
all versions
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by m
CVE-2005-3787
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web
CVE-2005-3622
all versions
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple s
CVE-2005-3621
all versions
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via
CVE-2005-3301
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web
CVE-2005-3300
all versions
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values
CVE-2005-3299
all versions
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include loca
CVE-2005-2869
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web scri
CVE-2005-1392
all versions
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the init
CVE-2005-0992
all versions
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary w
CVE-2005-0653
all versions
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated u
CVE-2005-0567
all versions
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by mod
CVE-2005-0544
all versions
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2
CVE-2005-0459
all versions
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a dire
CVE-2004-1055
all versions
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary
CVE-2005-0543
all versions
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (
CVE-2004-1148
all versions
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql
CVE-2004-1147
all versions
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute a
CVE-2004-2632
all versions
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL server
CVE-2004-2631
all versions
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to
CVE-2004-2630
all versions
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote at
CVE-2004-0129
all versions
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files vi
CVE-2001-1060
all versions
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableO
CVE-2001-0478
<= 2.2.0
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a