Phpmyadmin » Phpmyadmin : Security Vulnerabilities, CVEs, Published In 2009

CVE-2009-3697

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-10-16
Updated
2017-08-17

CVE-2009-3696

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
Max CVSS
4.3
EPSS Score
0.33%
Published
2009-10-16
Updated
2017-08-17

CVE-2009-2284

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
Max CVSS
4.3
EPSS Score
0.28%
Published
2009-07-01
Updated
2009-08-07

CVE-2009-1285

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
Max CVSS
7.5
EPSS Score
2.92%
Published
2009-04-16
Updated
2009-04-28

CVE-2009-1151

Known exploited
Public exploit
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
Max CVSS
7.5
EPSS Score
80.59%
Published
2009-03-26
Updated
2018-10-10
CISA KEV Added
2022-03-25

CVE-2009-1150

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
Max CVSS
4.3
EPSS Score
0.32%
Published
2009-03-26
Updated
2009-07-15

CVE-2009-1149

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
Max CVSS
7.5
EPSS Score
1.11%
Published
2009-03-26
Updated
2009-04-16

CVE-2009-1148

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
Max CVSS
5.0
EPSS Score
0.44%
Published
2009-03-26
Updated
2009-04-16
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close