CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0CVE-2009-3696
https://notcve.org/view.php?id=CVE-2009-3696
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de tabla MySQL manipulado. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2009-3697
https://notcve.org/view.php?id=CVE-2009-3697
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. Vulnerabilidad de inyección SQL en la funcionalidad generador de esquema PDF en phpMyAdmin v2.11.x anterior a v2.11.9.6 y v3.x anterior a v3.2.2.1 permite a atacantes remotos ejecutar comandos SQL a su elección a través de parámetros de la interfaz no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=288899 http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html http://freshmeat.net/projects/phpmyadmin/releases/306667 http://freshmeat.net/projects/phpmyadmin/releases/306669 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=oss-security&m=125553728512853& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 177EXPL: 0CVE-2009-2284
https://notcve.org/view.php?id=CVE-2009-2284
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin anterior a v3.2.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un favorito con una sentencia SQL manipulada. • http://secunia.com/advisories/35649 http://secunia.com/advisories/35715 http://www.mandriva.com/security/advisories?name=MDVSA-2009:192 http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00150.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00152.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 1CVE-2009-1285
https://notcve.org/view.php?id=CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. Vulnerabilidad de inyección de código estático en la función getConfigFile en setup/lib/ConfigFile.class.php en phpMyAdmin v3.x antes de v3.1.3.2 permite a atacantes remotos ejecutar código PHP de su elección en ficheros de configuración. • http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342 http://secunia.com/advisories/34727 http://secunia.com/advisories/34741 http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php http://www.securityfocus.com/bid/34526 http://www.vupen.com/english/advisories/2009/1045 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00442.html https://www.redhat.com/archives/fe • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2009-1149
https://notcve.org/view.php?id=CVE-2009-1149
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. Vulnerabilidad de inyección CRLF en el archivo bs_disp_as_mime_type.php en la característica BLOB streaming en phpMyAdmin anteriores a v3.1.3.1 permite a los atacantes remotos inyectar arbitrariamente cabeceras HTTP y llevar a cabo ataques de separación de respuesta HTTP a través de los parámetros (1) c_type y posiblemente (2) file_type • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303 http://secunia.com/advisories/34468 http://secunia.com/advisories/34642 http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php • CWE-20: Improper Input Validation •