CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2009-1150
https://notcve.org/view.php?id=CVE-2009-1150
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en la página de exportación (display_export.lib.php) en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1, permite a los atacantes remotos inyectar una secuencia de comandos web o HTML a través de la cookie pma_db_filename_template. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302 http://secunia.com/advisories/34430 http://secunia.com/advisories/34642 http://secunia.com/advisories/35585 http://secunia.com/advisories/35635 http://security.gentoo.org/glsa/glsa-200906-03.xml http://www.debian.org/security/2009/dsa-1824 http://www.mandriva.com/security/advisori • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 88%CPEs: 41EXPL: 3CVE-2009-1151 – phpMyAdmin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Vulnerabilidad de inyección de código estático en el archivo setup.php en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1 que permite a los atacantes remotos inyectar código PHP arbitrariamente en el archivo de configuración a través de la acción guardar. Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. • https://www.exploit-db.com/exploits/8921 https://www.exploit-db.com/exploits/8992 https://www.exploit-db.com/exploits/16913 http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 http://secunia.com/advisories/34430 http://secunia.com/advisories/34642 http://secunia& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 1%CPEs: 27EXPL: 1CVE-2008-5621 – phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection
https://notcve.org/view.php?id=CVE-2008-5621
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en phpMyAdmin v2.11.x anterior a v2.11.9.4 y v3.x anterior a v3.1.1.0; permite a atacantes remotos realizar acciones no autorizadas como administrador a través de un enlace o etiqueta IMG a tbl_structure.php con un parámetro "table" (tabla) modificado. NOTA: esto puede ser utilizar para realizar ataques de inyección SQL y ejecutar código arbitrariamente. • https://www.exploit-db.com/exploits/7382 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://osvdb.org/50894 http://secunia.com/advisories/33076 http://secunia.com/advisories/33146 http://secunia.com/advisories/33246 http://secunia.com/advisories/33822 http://secunia.com/advisories/33912 http://security.gentoo.org/glsa/glsa-200903-32.xml http://securityreason.com/securityalert/4753 http://typo3.org/teams/security/security-bulletins/typo3-20081222-1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 1CVE-2008-4775 – phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en pmd_pdf.php en phpMyAdmin v3.0.0, y posiblemente otras versiones incluyendo v2.11.9.2 y v3.0.1, cuando register_globals está activo, permite a atacantes remotos inyectar web script o HTML a través del parámetro "db", un vector diferente a CVE-2006-6942 y CVE-2007-5977. • https://www.exploit-db.com/exploits/32531 http://secunia.com/advisories/32449 http://secunia.com/advisories/32482 http://security.gentoo.org/glsa/glsa-200903-32.xml http://securityreason.com/securityalert/4516 http://www.securityfocus.com/archive/1/497815/100/0/threaded http://www.securityfocus.com/bid/31928 http://www.vupen.com/english/advisories/2008/2943 https://exchange.xforce.ibmcloud.com/vulnerabilities/46136 https://www.redhat.com/archives/fedora-package-announce/2008-October&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3032
https://notcve.org/view.php?id=CVE-2008-3032
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión phpMyAdmin (phpmyadmin) 3.0.1 y versiones anteriores para TYPO3 permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30884 http://typo3.org/teams/security/security-bulletins/typo3-20080701-2 http://www.securityfocus.com/bid/30039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •