Phpmyadmin : Security Vulnerabilities, CVEs, Published In October 2005
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
Max CVSS
4.3
EPSS Score
0.79%
Published
2005-10-24
Updated
2011-03-08
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
Max CVSS
5.0
EPSS Score
2.26%
Published
2005-10-23
Updated
2017-07-11
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
Max CVSS
5.0
EPSS Score
2.33%
Published
2005-10-23
Updated
2008-09-05
3 vulnerabilities found