8 matches found
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2010-3263
Cross-site scripting XSS vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...
CVE-2010-3263
Cross-site scripting XSS vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...
CVE-2010-2958
CVE-2010-2958 affects phpMyAdmin 3.x before 3.3.6. The vulnerability is a cross-site scripting (XSS) flaw in libraries/Error.class.php triggered by PHP backtrace/error messages, allowing remote attackers to inject arbitrary script/HTML. Exploitation details are documented in the CVE entry; the de...
PhpMyAdmin Config File Code Injection
This module exploits a vulnerability in phpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x 'PhpMyAdmin Config File Code Injection', 'Description' = %q Thi...
Code injection
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
CVE-2009-1150
Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
CVE-2008-5621
Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tblstructure.php with a modified table parameter. NOTE: other unspecified pages are also...