CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2417
https://notcve.org/view.php?id=CVE-2006-2417
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. • http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html http://secunia.com/advisories/20113 http://secunia.com/advisories/20627 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2 http://www.securityfocus.com/bid/17973 http://www.vupen.com/english/advisories/2006/1794 https://exchange.xforce.ibmcloud.com/vulnerabilities/26444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 1CVE-2006-2031
https://notcve.org/view.php?id=CVE-2006-2031
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. • http://pridels0.blogspot.com/2006/04/phpmyadmin-xss-vuln.html http://secunia.com/advisories/19659 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2 https://exchange.xforce.ibmcloud.com/vulnerabilities/25954 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2006-1804
https://notcve.org/view.php?id=CVE-2006-1804
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. • http://secunia.com/advisories/19659 http://secunia.com/advisories/19897 http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.securityfocus.com/archive/1/431013/100/0/threaded http://www.vupen.com/english/advisories/2006/1372 https://exchange.xforce.ibmcloud.com/vulnerabilities/25858 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2006-1803 – phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1803
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. • https://www.exploit-db.com/exploits/27632 http://secunia.com/advisories/19659 http://secunia.com/advisories/19897 http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.securityfocus.com/archive/1/430902/100/0/threaded http://www.securityfocus.com/archive/1/431013/100/0/threaded http://www.securityfocus.com/bid/17487 http://www.vupen.com/english/advisories/2006/1372 https://exchange.xforce.ibmcloud.com/vulnerabilities/25796 •