CVE Daily
← All tags

Tag: phpMyAdmin

All CVEs associated with "phpMyAdmin". Page 3/3 • 289 CVEs.

Subscribe CVEs: RSS for “phpMyAdmin”  ·  RSS (High+Critical only)

About “phpMyAdmin”

A curated feed of “phpMyAdmin”-related CVEs appears below. We currently track 289 CVEs for this tag (all time). In the last 365 days, 3 were published. Average CVSS is 6.0 (all time; 8.0 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control, CWE-306 - Missing Authentication for Critical Function.

In our taxonomy this topic maps to a LOW impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-03-07
High

CVE-2007-1325

The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a…

CVSS: 7.1 CWE: N/A View on NVD
2007-01-19
Medium

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2006-6944

phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

CVSS: 7.5 CWE: N/A View on NVD
2007-01-18
Medium

CVE-2007-0341

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript:…

CVSS: 6.8 CWE: N/A View on NVD
2007-01-11
Critical

CVE-2007-0203

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-0204

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details…

CVSS: 6.8 CWE: N/A View on NVD
2007-01-05
Medium

CVE-2007-0095

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
2006-12-07
Medium

CVE-2006-6373

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin…

CVSS: 7.5 CWE: N/A View on NVD
2006-12-04
Critical

CVE-2006-6258

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cro…

CVSS: 9.3 CWE: N/A View on NVD
2006-11-04
Medium

CVE-2006-5718

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, whic…

CVSS: 4.3 CWE: N/A View on NVD
2006-10-03
Medium

CVE-2006-5116

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-5117

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests f…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-06
Medium

CVE-2006-3388

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

CVSS: 5.8 CWE: N/A View on NVD
2006-05-16
Medium

CVE-2006-2417

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lan…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-2418

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.

CVSS: 6.8 CWE: N/A View on NVD
2006-04-26
Low

CVE-2006-2031

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 2.6 CWE: N/A View on NVD
2006-04-18
Medium

CVE-2006-1803

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2006-1804

SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-11
Medium

CVE-2006-1678

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes…

CVSS: 4.3 CWE: N/A View on NVD
2006-03-19
Medium

CVE-2006-1258

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.

CVSS: 4.3 CWE: N/A View on NVD
2005-12-21
High

CVE-2005-4450

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demo…

CVSS: 7.5 CWE: N/A View on NVD
2005-12-19
Medium

CVE-2005-4349

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: t…

CVSS: 6.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2005-12-08
Medium

CVE-2005-3665

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-4079

The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-24
Medium

CVE-2005-3787

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title pa…

CVSS: 4.3 CWE: N/A View on NVD
2005-11-16
Medium

CVE-2005-3621

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.

CVSS: 5.0 CWE: N/A View on NVD
2005-10-24
Medium

CVE-2005-3301

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.…

CVSS: 4.3 CWE: N/A View on NVD
2005-10-23
Medium

CVE-2005-3299

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3300

The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-08
Medium

CVE-2005-2869

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php…

CVSS: 4.3 CWE: N/A View on NVD
2005-05-03
Medium

CVE-2005-1392

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

CVSS: 4.6 CWE: N/A View on NVD
2005-05-02
Medium

CVE-2005-0459

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP er…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0544

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.ph…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-0567

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Serve…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0653

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2005-0992

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

CVSS: 4.3 CWE: N/A View on NVD
2005-03-01
Medium

CVE-2004-1055

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zer…

CVSS: 6.8 CWE: N/A View on NVD
2005-02-24
Medium

CVE-2005-0543

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in s…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2005-01-10
Critical

CVE-2004-1147

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

CVSS: 5.0 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-2630

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in uns…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2004-2632

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

CVSS: 7.5 CWE: N/A View on NVD
2004-03-03
Medium

CVE-2004-0129

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

CVSS: 5.0 CWE: N/A View on NVD
2001-07-31
High

CVE-2001-1060

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in t…

CVSS: 7.5 CWE: N/A View on NVD
2001-06-27
High

CVE-2001-0478

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

CVSS: 7.5 CWE: N/A View on NVD