CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 2CVE-2012-5469 – Portable phpMyAdmin <= 1.3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-5469
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. El complemento phpMyAdmin Portable antes de v1.3.1 para WordPress permite a atacantes remotos evitar la autenticación y obtener acceso a la consola de phpMyAdmin a través de una solicitud directa al wp-content/plugins/portable-phpmyadmin/wp-pma-mod. The Portable phpMyAdmin plugin before 1.3.0 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. WordPress portable-phpMyAdmin plugin version 1.3.0 fails to validate the existing session allowing a user to navigate directly to the interface. • https://www.exploit-db.com/exploits/23356 http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1940
https://notcve.org/view.php?id=CVE-2011-1940
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpMyAdmin v3.3.x anterior a v3.3.10.1 y v3.4.x anterior a v3.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre de tabla diseñada que provoca la prestación inadecuada HTML en una página de seguimiento , en relación con (1) bibliotecas / tbl_links.inc.php y tbl_tracking.php (2). • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492 http://www.debian.org/security/2012/dsa-2391 http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 9%CPEs: 6EXPL: 6CVE-2011-4107 – phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection
https://notcve.org/view.php?id=CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. La función simplexml_load_string en la importación XML plug-in (libraries/import/xml.php) en phpMyAdmin v3.4.x anterior a v3.4.7.1, v3.3.x y v3.3.10.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de datos XML que contiene entidad de referencia externa, también conocido como un XML entidad externa (XXE) ataque de inyección. phpMyAdmin versions 3.3.x and 3.4.x suffer from a local file inclusion vulnerability via XXE injection. The attacker must be logged in to MySQL via phpMyAdmin. • https://www.exploit-db.com/exploits/18371 https://github.com/SECFORCE/CVE-2011-4107 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html http://osvdb.org/76798 http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt http://seclists.org/fulldisclosure/2011/Nov/21 http://secunia.com/adviso • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2011-3181
https://notcve.org/view.php?id=CVE-2011-3181
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la característica de Tracking en phpMyAdmin v3.3.x anterior a v3.3.10.4 y 3.4.x anterior a v3.4.4 permite a atacantes remotos inyectar script web de su elección o HTML a través de un (1) nombre de tabla, (2) nombre de columna, o (2) nombre de index. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065829.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065854.html http://secunia.com/advisories/45709 http://secunia.com/advisories/45990 http://www.debian.org/security/2012/dsa-2391 http://www.mandriva.com/security/advisories?name=MDVSA-2011:158 http://www.phpmyadmin.net/home_page/security/PMASA-2011-13.php http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 75EXPL: 0CVE-2011-2642
https://notcve.org/view.php?id=CVE-2011-2642
Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la vista de implementación en la tabla Print en tbl_printview.php en phpMyAdmin anterior a v3.3.10.3 y v3.4.x anterior a v3.4.3.2 permite a usuarios autenticados de forma remota inyectar código script web de su elección o HTML a través de un nombre de tabla manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=4bd27166c314faa37cada91533b86377f4d4d214 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=a0823be05aa5835f207c0838b9cca67d2d9a050a http://secunia.com/advisories/45315 http://secunia.com/advisories/45365 http://secunia.com/advisories/45515 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •