CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

pMyAdmin 3.3.5.1 'db_create.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38707/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

CVE-2008-3197

CVE-2008-3197 affects phpMyAdmin prior to 2.11.7.1, introducing a cross-site request forgery (CSRF) that enables unauthorized actions via links or image tags. The CSRF targets (1) the db parameter in the “Creating a Database” function (db_create.php) and (2) convcharset and collation_connection r...

phpMyAdmin DB_Create.PHP多个输入验证漏洞

BUGTRAQ ID: 26512 CVE ID:CVE-2007-5976 CVE-2007-5977 CNCVE ID:CNCVE-20075977 phpMyAdmin是一款基于WEB的MySQL管理程序。 phpMyAdmin DBCreate.PHP存在多个输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 问题是由于DBCreate.PHP对参数缺少充分过滤，提交恶意脚本代码作为参数数据，并诱使用户解析，可导致恶意脚本代码在目标用户浏览器上执行。 RedHat Fedora 7 0 phpMyAdmin phpMyAdmin 2.11.1 phpMyAdmi...

Cross site scripting

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2006-6942

Multiple cross-site scripting XSS vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via 1 a comment for a table name, as exploited through a dboperations.php, 2 the db parameter to b dbcreate.php, 3 the newname parameter to dboperations.php...

CVE-2006-6942

Multiple cross-site scripting XSS vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via 1 a comment for a table name, as exploited through a dboperations.php, 2 the db parameter to b dbcreate.php, 3 the newname parameter to dboperations.php...