CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 1CVE-2005-0459
https://notcve.org/view.php?id=CVE-2005-0459
17 Feb 2005 — phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. • http://securitytracker.com/id?1013210 •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0CVE-2004-2630
https://notcve.org/view.php?id=CVE-2004-2630
31 Dec 2004 — The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. • http://marc.info/?l=bugtraq&m=109816584519779&w=2 •
CVSS: 10.0EPSS: 4%CPEs: 15EXPL: 1CVE-2004-1147 – phpMyAdmin 2.x - External Transformations Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1147
15 Dec 2004 — phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. • https://www.exploit-db.com/exploits/24817 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2004-1148
https://notcve.org/view.php?id=CVE-2004-1148
15 Dec 2004 — phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. • http://marc.info/?l=bugtraq&m=110295781828323&w=2 •
CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 2CVE-2004-1055
https://notcve.org/view.php?id=CVE-2004-1055
24 Nov 2004 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. • http://www.netvigilance.com/html/advisory0005.htm •