CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

CVE-2013-4998

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmdcommon.php and other files...

CVE-2013-4999

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and ErrorHandler.class.php...

CVE-2013-5000

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files...

CVE-2013-5001

Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...

CVE-2013-5002

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVE-2013-5003

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via 1 the scale parameter to pmdpdf.php or 2 the pdfpagenumber parameter to schemaexport.php...

CVE-2013-4995

CVE-2013-4995 affects phpMyAdmin 3.5.x (<3.5.8.2) and 4.0.x (

CVE-2013-4996

phpMyAdmin 3.5.x (before 3.5.8.2) and 4.0.x (before 4.0.4.2) are affected by CVE-2013-4995 and CVE-2013-4996, which enable remote XSS via crafted database name, user name, navigation logo URL, entries in the proxy list, or content in version.json. The vulnerability arises from input vectors that ...

CVE-2013-4997

CVE-2013-4997 affects phpMyAdmin 3.5.x before 3.5.8.2, enabling remote XSS via a JavaScript event in an anchor to setup/index.php or in the chartTitle value. Impact is arbitrary script execution in the same user context. Remediation: upgrade to phpMyAdmin 3.5.8.2 or newer (per linked advisories)....

CVE-2013-4999

CVE-2013-4999 affects phpMyAdmin 4.0.x prior to 4.0.4.2. An invalid request can disclose the installation path in an error message via Error.class.php/Error_Handler.class.php, enabling information disclosure with network access. The vulnerability has a partial confidentiality impact (as per the N...

CVE-2013-5001

CVE-2013-5001 affects phpMyAdmin 4.0.x before 4.0.4.2. The issue is a Cross-site Scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php that enables remote authenticated users to inject arbitrary web script or HTML via a crafted object ...

CVE-2013-5002

Summary (CVE-2013-5002): phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 contain a cross-site scripting (XSS) vulnerability. An authenticated remote user can inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. The issue arises in libraries/schema/Expo...

CVE-2013-5003

CVE-2013-5003 affects phpMyAdmin 3.5.x < 3.5.8.2 and 4.0.x

CVE-2013-4998

CVE-2013-4998 affects phpMyAdmin, specifically 3.5.x (before 3.5.8.2) and 4.0.x (before 4.0.4.2). The vulnerability allows remote attackers to disclose sensitive information by triggering an error message that reveals the installation path, via pmd_common.php and related files. The issue impacts ...

CVE-2013-5000

CVE-2013-5000 affects phpMyAdmin 3.5.x before 3.5.8.2. The issue is information disclosure via an invalid request that reveals the installation path in an error message, related to config.default.php and other files. The vulnerability allows partial disclosure of sensitive paths when exploited. A...

CVE-2013-4998

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmdcommon.php and other files...

CVE-2013-5000

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files...

CVE-2013-5002

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVE-2013-5003

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via 1 the scale parameter to pmdpdf.php or 2 the pdfpagenumber parameter to schemaexport.php...