CVSS: 7.5EPSS: 5%CPEs: 12EXPL: 6CVE-2004-2631 – phpMyAdmin 2.5.7 - Remote code Injection
https://notcve.org/view.php?id=CVE-2004-2631
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. • https://www.exploit-db.com/exploits/309 http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html http://eagle.kecapi.com/sec/fd/phpMyAdmin.html http://marc.info/?l=bugtraq&m=109816584519779&w=2 http://secunia.com/advisories/11974 http://securitytracker.com/id?1010614 http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml http://www.osvdb.org/7314 http://www.phpmyadmin.net/home_page/securit •
CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 4CVE-2004-2632
https://notcve.org/view.php?id=CVE-2004-2632
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html http://eagle.kecapi.com/sec/fd/phpMyAdmin.html http://secunia.com/advisories/11974 http://securitytracker.com/alerts/2004/Jun/1010614.html http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml http://www.osvdb.org/7315 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1 http://www.securityfocus.com/bid/10629 https://ex •
CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 1CVE-2004-1147 – phpMyAdmin 2.x - External Transformations Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1147
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. • https://www.exploit-db.com/exploits/24817 http://marc.info/?l=bugtraq&m=110295781828323&w=2 http://www.exaprobe.com/labs/advisories/esa-2004-1213.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18441 •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2004-1148
https://notcve.org/view.php?id=CVE-2004-1148
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. • http://marc.info/?l=bugtraq&m=110295781828323&w=2 http://www.exaprobe.com/labs/advisories/esa-2004-1213.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18441 •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 2CVE-2004-1055
https://notcve.org/view.php?id=CVE-2004-1055
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. • http://www.netvigilance.com/html/advisory0005.htm http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3 https://exchange.xforce.ibmcloud.com/vulnerabilities/18158 •