CVE-2009-1148

Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...

CVE-2009-1149

CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

CVE-2007-5976

SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...

CVE-2008-5621

Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tblstructure.php with a modified table parameter. NOTE: other unspecified pages are also...

CVE-2008-4326

The PMAescapeJsString function in libraries/jsescape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via a NUL byte inside a "...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

CVE-2008-3197

Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...

CVE-2008-2960

Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...

CVE-2008-3032

Cross-site scripting XSS vulnerability in the phpMyAdmin phpmyadmin extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVE-2008-1567

phpMyAdmin before 2.11.5.1 stores the MySQL 1 username and 2 password, and the 3 Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information...

Fedora Update for phpMyAdmin FEDORA-2019-6404181bf9

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for phpMyAdmin FEDORA-2019-3b5a7abe17

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.1-1.fc30

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.1-1.fc29

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Fedora 29 : phpMyAdmin (2019-3b5a7abe17)

Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...

Fedora 30 : phpMyAdmin (2019-6404181bf9)

Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...

openSUSE Security Update : phpMyAdmin (openSUSE-2019-2211)

This update for phpMyAdmin to 4.9.1 fixes the following issues : Security issue fixed : - CVE-2019-12922: Fixed CSRF issue that allowed deletion of any server in the Setup page. boo1150914 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...