CVSS: 9.8EPSS: 35%CPEs: 48EXPL: 4CVE-2011-2505 – phpMyAdmin3 (pma3) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-2505
14 Jul 2011 — libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." libraries/auth/swekey/swekey.auth.lib.php en la función de autenticación Swekey en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 as... • https://www.exploit-db.com/exploits/17510 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 28%CPEs: 48EXPL: 4CVE-2011-2506 – phpMyAdmin 3.x - Swekey Remote Code Injection
https://notcve.org/view.php?id=CVE-2011-2506
14 Jul 2011 — setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. setup/lib/ConfigGenerator.class.php en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no restringe correctamente la presencia de los delimitadores de cierre de comentario, permitiendo a ata... • https://www.exploit-db.com/exploits/17514 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 67EXPL: 0CVE-2011-0986
https://notcve.org/view.php?id=CVE-2011-0986
14 Feb 2011 — phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. PhpMyAdmin v2.11.x antes de v2.11.11.2, y v3.3.x antes de v3.3.9.1, no controla correctamente la ausencia de los ficheros (1) README, (2) Changelog , y (3) Los archivos de licencia, que permite a atacantes remotos obtener la ruta de instalación a tr... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 69EXPL: 0CVE-2011-0987
https://notcve.org/view.php?id=CVE-2011-0987
14 Feb 2011 — The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. La función PMA_Bookmark_get en libraries/bookmark.lib.php de phpMyAdmin v2.11.x y anteriores a v2.11.11.3, y v3.3.x anteriores a v3.3.9.2,no restringe adecuadamente las consultas de bookmark, lo que hace más fácil ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2010-4481
https://notcve.org/view.php?id=CVE-2010-4481
17 Dec 2010 — phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. phpMyAdmin anteriores a v3.4.0-beta1, permite a atacantes remotos evitar la autenticación y obtener información sensible a través de una solicitud directa al phpinfo.php, que llama a la función phpinfo. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2010-4329
https://notcve.org/view.php?id=CVE-2010-4329
02 Dec 2010 — Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcion PMA_linkOrButton en libraries/common.lib.php en el script de búsqueda database (db) en phpMyAdmin v2.11.x anterior a v2.11.... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2010-3263
https://notcve.org/view.php?id=CVE-2010-3263
10 Sep 2010 — Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en setup/frames/index.inc.php en el ficheros de comandos de configuración en phpMyAdmin v3.x anteriores a v3.3.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del nombre del servidor. • http://secunia.com/advisories/41210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2010-2958
https://notcve.org/view.php?id=CVE-2010-2958
08 Sep 2010 — Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en libraries/Error.class.php en phpMyAdmin v3.x anterior a v3.3.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su e... • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=133a77fac7d31a38703db2099a90c1b49de62e37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 1CVE-2010-3055
https://notcve.org/view.php?id=CVE-2010-3055
24 Aug 2010 — The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. La configuración de la secuencia de comandos de instalación (también conocida como scripts/setup.php) en phpMyAdmin v2.11.x anterior a v2.11.10.1 no restringe adecuadamente nombres clave en sus archivos de salida, lo que permite a atacantes remotos ejecutar código PHP de su... • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 1CVE-2010-3056
https://notcve.org/view.php?id=CVE-2010-3056
24 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparse... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •