GHSA-GMC7-JVV7-W245 phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

phpMyAdmin unsafely handles temporary files

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

GHSA-9645-6G72-2PV8 phpMyAdmin unsafely handles temporary files

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

GHSA-V6FW-XF2C-8Q43 phpMyAdmin Open Redirect in redirector

Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

phpMyAdmin Open Redirect in redirector

Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

GHSA-Q7V2-W38R-PV7V phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations 1 TRUNCATE or 2 DROP link for a crafted table name, 3 the Add Trigger popup within a Triggers page that references...

phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations 1 TRUNCATE or 2 DROP link for a crafted table name, 3 the Add Trigger popup within a Triggers page that references...

phpMyAdmin Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to 1 libraries/tbllinks.inc.php and...

GHSA-4Q58-5X28-53WV phpMyAdmin Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to 1 libraries/tbllinks.inc.php and...

GHSA-9J9H-CPGC-8356 phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

phpMyAdmin multiple cross-site scripting vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of 1 an event, 2 a procedure, or 3 a trigger...

phpMyAdmin Unsafe Fetching of Javascript Code

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by modifying this code...

GHSA-RFPG-2FP8-2FPH phpMyAdmin multiple cross-site scripting vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of 1 an event, 2 a procedure, or 3 a trigger...

GHSA-XPXP-V33M-5JP9 phpMyAdmin Unsafe Fetching of Javascript Code

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by modifying this code...

phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page

Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...

GHSA-R3PQ-MP8V-CP33 phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page

Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...

phpMyAdmin Global variables scope injection vulnerability

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...

GHSA-X962-W72P-MV7Q phpMyAdmin Global variables scope injection vulnerability

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...