CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2008-1149
https://notcve.org/view.php?id=CVE-2008-1149
04 Mar 2008 — phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. phpMyAdmin anterior a la v2.11.5, accesos a $_REQUEST para obtener algún parámetro en vez de usar $_GET y $_POST, puede permitir a atacantes remotos del mismo dominio sobrescribir variables, inyectar código SQL y realizar ataques de falsificac... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 82EXPL: 0CVE-2007-6100
https://notcve.org/view.php?id=CVE-2007-6100
23 Nov 2007 — Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en el fichero libraries/auth/cookie.auth.lib.php de phpMyAdmin, en versiones previas a la 2.11.2.2. Cuando los inicios de sesió... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5976
https://notcve.org/view.php?id=CVE-2007-5976
15 Nov 2007 — SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. Vulnerabilidad de inyección SQL en el db_create.php en el phpMyAdmin anterior al 2.11.2.1 permite a usuarios remotos autenticados con privilegios de CREATE DATABASE ejecutar comandos SQL de su elección a través del parámetro db. • http://secunia.com/advisories/27630 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5977
https://notcve.org/view.php?id=CVE-2007-5977
15 Nov 2007 — Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el db_create.php del phpMyAdmin anterior al 2.11.2.1 permite a usuarios remotos autenticados con privilegios de CREATE DATABASE la inye... • http://secunia.com/advisories/27630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 1CVE-2007-5589 – phpMyAdmin 2.11.1 - 'Server_Status.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5589
19 Oct 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI. Múltiples vulnerabilidades de tipo cro... • https://www.exploit-db.com/exploits/30733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 1CVE-2007-5386 – phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5386
12 Oct 2007 — Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo scripts/setup.php en phpMyAdmin versión 2.11.1, cuando es accedida mediante un navegador que no codifica las peticiones de URL, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de la cad... • https://www.exploit-db.com/exploits/30653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4306
https://notcve.org/view.php?id=CVE-2007-4306
13 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. Múltiples vulnerabilidades de secuencias de com... • http://pridels-team.blogspot.com/2007/08/phpmyadmin-multiple-xss-vuln.html •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-2245
https://notcve.org/view.php?id=CVE-2007-2245
25 Apr 2007 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin versiones anteriores a 2.10.1.0 permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) el parámetro fieldkey en browse_foreigners.php ó (2)... • http://osvdb.org/35050 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2016
https://notcve.org/view.php?id=CVE-2007-2016
12 Apr 2007 — Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mysql/phpinfo.php de phpMyAdmin 2.6.1 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro lang[]. • http://osvdb.org/35049 •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 1CVE-2007-1395
https://notcve.org/view.php?id=CVE-2007-1395
10 Mar 2007 — Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase . Vulnerabilidad de lista negra incompleta en index.php en phpMyAdmin 2.8.0 hasta 2.9.2 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos de sitios cr... • http://osvdb.org/35048 •