CVSS: 8.8EPSS: 2%CPEs: 69EXPL: 0CVE-2011-0987
https://notcve.org/view.php?id=CVE-2011-0987
14 Feb 2011 — The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. La función PMA_Bookmark_get en libraries/bookmark.lib.php de phpMyAdmin v2.11.x y anteriores a v2.11.11.3, y v3.3.x anteriores a v3.3.9.2,no restringe adecuadamente las consultas de bookmark, lo que hace más fácil ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2010-4481
https://notcve.org/view.php?id=CVE-2010-4481
17 Dec 2010 — phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. phpMyAdmin anteriores a v3.4.0-beta1, permite a atacantes remotos evitar la autenticación y obtener información sensible a través de una solicitud directa al phpinfo.php, que llama a la función phpinfo. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 23%CPEs: 2EXPL: 2CVE-2010-4480 – phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification
https://notcve.org/view.php?id=CVE-2010-4480
08 Dec 2010 — error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". El archivo error.php en PhpMyAdmin versión 3.3.8.1, y otras versiones anteriores a 3.4.0-beta1, permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS), por medio de una etiqueta BBcode creada que contiene caracteres "@", como es demostrado usando "[a@... • https://www.exploit-db.com/exploits/15699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2010-4329
https://notcve.org/view.php?id=CVE-2010-4329
02 Dec 2010 — Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcion PMA_linkOrButton en libraries/common.lib.php en el script de búsqueda database (db) en phpMyAdmin v2.11.x anterior a v2.11.... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2010-3263
https://notcve.org/view.php?id=CVE-2010-3263
10 Sep 2010 — Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en setup/frames/index.inc.php en el ficheros de comandos de configuración en phpMyAdmin v3.x anteriores a v3.3.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del nombre del servidor. • http://secunia.com/advisories/41210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2010-2958
https://notcve.org/view.php?id=CVE-2010-2958
08 Sep 2010 — Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en libraries/Error.class.php en phpMyAdmin v3.x anterior a v3.3.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su e... • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=133a77fac7d31a38703db2099a90c1b49de62e37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 58EXPL: 1CVE-2010-3056
https://notcve.org/view.php?id=CVE-2010-3056
24 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparse... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 24EXPL: 1CVE-2010-3055
https://notcve.org/view.php?id=CVE-2010-3055
24 Aug 2010 — The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. La configuración de la secuencia de comandos de instalación (también conocida como scripts/setup.php) en phpMyAdmin v2.11.x anterior a v2.11.10.1 no restringe adecuadamente nombres clave en sus archivos de salida, lo que permite a atacantes remotos ejecutar código PHP de su... • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 45EXPL: 0CVE-2008-7252
https://notcve.org/view.php?id=CVE-2008-7252
19 Jan 2010 — libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. libraries/File.class.php en phpMyAdmin v2.11.x anterior a v2.11.10 utiliza nombres de ficheros previsibles para los ficheros temporales, lo que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2009-4605
https://notcve.org/view.php?id=CVE-2009-4605
19 Jan 2010 — scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. scripts/setup.php (también conocido como secuencias de comandos de instalación) en phpMyAdmin v2.11.x anterior a v2.11.10 llama a la función unserialize en los valores de la (1) configuración y (2) v[0] parámetros, lo que podrí... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html •