CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0544
https://notcve.org/view.php?id=CVE-2005-0544
24 Feb 2005 — phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals th... • http://secunia.com/advisories/14382 •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 1CVE-2005-0459
https://notcve.org/view.php?id=CVE-2005-0459
17 Feb 2005 — phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. • http://securitytracker.com/id?1013210 •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0CVE-2004-2630
https://notcve.org/view.php?id=CVE-2004-2630
31 Dec 2004 — The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. • http://marc.info/?l=bugtraq&m=109816584519779&w=2 •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 4CVE-2004-2632
https://notcve.org/view.php?id=CVE-2004-2632
31 Dec 2004 — phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html •
CVSS: 9.8EPSS: 14%CPEs: 12EXPL: 6CVE-2004-2631 – phpMyAdmin 2.5.7 - Remote code Injection
https://notcve.org/view.php?id=CVE-2004-2631
31 Dec 2004 — Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. • https://www.exploit-db.com/exploits/309 •
CVSS: 10.0EPSS: 4%CPEs: 15EXPL: 1CVE-2004-1147 – phpMyAdmin 2.x - External Transformations Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1147
15 Dec 2004 — phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. • https://www.exploit-db.com/exploits/24817 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2004-1148
https://notcve.org/view.php?id=CVE-2004-1148
15 Dec 2004 — phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. • http://marc.info/?l=bugtraq&m=110295781828323&w=2 •
CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 2CVE-2004-1055
https://notcve.org/view.php?id=CVE-2004-1055
24 Nov 2004 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. • http://www.netvigilance.com/html/advisory0005.htm •
CVSS: 7.5EPSS: 11%CPEs: 29EXPL: 2CVE-2004-0129 – phpMyAdmin 2.x - 'Export.php' File Disclosure
https://notcve.org/view.php?id=CVE-2004-0129
03 Mar 2004 — Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. Vulnerabilidad de atravesamiento de directorios en export.php en phpMyAdmin 2.5.5 y anteriores permite a atacantes remotos leer ficheros arbitrarios mediante secuencias .. (punto punto) en el parámetro what • https://www.exploit-db.com/exploits/23640 •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2001-1060
https://notcve.org/view.php?id=CVE-2001-1060
31 Jul 2001 — phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. • http://freshmeat.net/redir/phpmyadmin/8001/url_changelog •