CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.

• http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html
• http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php
• http://www.securityfocus.com/bid/55939
• https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a
• https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

• http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html
• http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php
• http://www.securityfocus.com/bid/55925
• https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611
• https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 90% • CPEs: 1 • EXPL: 1

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

• https://www.exploit-db.com/exploits/21834
• http://seclists.org/oss-sec/2012/q3/562
• http://sourceforge.net/blog/phpmyadmin-back-door
• http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
• http://www.securityfocus.com/bid/55672
• CWE-94: Improper Control of Generation of Code ('Code Injection')