CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-5000 – Mandriva Linux Security Advisory 2013-203
https://notcve.org/view.php?id=CVE-2013-5000
30 Jul 2013 — phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. phpMyAdmin 3.5.x anterior a 3.5.8.2, permite a a atacantes remotos obtener información sensible a través de una petición inválida, que muestra la ruta de instalación en un mensaje de error. Relacionado con config.default.php y otros archivos. Multiple vulnerabilities have been found in phpMyAdmi... • http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-5003 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2013-5003
30 Jul 2013 — Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. Múltiples vulnerabilidades de inyección SQL en phpMyAdmin 3.5.x anterior a 3.5.8.2 y 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a través de (1)el parámetro "scale" a pmd_pdf.php o (2)... • http://secunia.com/advisories/59832 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 59%CPEs: 13EXPL: 3CVE-2013-3238 – phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-3238
26 Apr 2013 — phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una secuencia /e\x00, que no se utilizan con cuidado antes de hacer una llamada a la función preg_replace en el "Repla... • https://www.exploit-db.com/exploits/25136 •
CVSS: 9.8EPSS: 16%CPEs: 13EXPL: 2CVE-2013-3239 – phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3239
26 Apr 2013 — phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3, cuando se configura un directorio SaveDir, permite a los usuarios remotos autenticados ejecutar código ... • https://www.exploit-db.com/exploits/25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 8%CPEs: 12EXPL: 3CVE-2013-1937 – phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1937
16 Apr 2013 — Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable. ** EN DISPUTA ** Múltiples vulnerabilidades Cross-Site Scripting (XSS) en tbl_gis_visualization.php en phpMyAdmin, en versiones 3.5.x anteriores a la 3.5.8, permiten que atacantes re... • https://www.exploit-db.com/exploits/38440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •