Phpmyadmin : Security Vulnerabilities, CVEs, Published In 2010 CVSS score >= 3
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
Max CVSS
5.0
EPSS Score
0.56%
Published
2010-12-17
Updated
2011-01-28
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
Max CVSS
4.3
EPSS Score
1.61%
Published
2010-12-08
Updated
2011-01-28
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.
Max CVSS
4.3
EPSS Score
0.38%
Published
2010-12-02
Updated
2011-01-28
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-09-10
Updated
2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.
Max CVSS
4.3
EPSS Score
0.50%
Published
2010-08-24
Updated
2011-01-28
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
Max CVSS
7.5
EPSS Score
10.06%
Published
2010-08-24
Updated
2011-01-28
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
Max CVSS
4.3
EPSS Score
0.28%
Published
2010-09-08
Updated
2010-09-14
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.78%
Published
2010-01-19
Updated
2010-05-06
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.46%
Published
2010-01-19
Updated
2011-01-28
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.99%
Published
2010-01-19
Updated
2010-05-06
10 vulnerabilities found