Phpmyadmin : Security Vulnerabilities, CVEs, Published In March 2008
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
Max CVSS
5.5
EPSS Score
0.04%
Published
2008-03-31
Updated
2024-02-14
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Max CVSS
5.1
EPSS Score
0.24%
Published
2008-03-04
Updated
2017-08-08
2 vulnerabilities found