Debian Phpmyadmin vulnerabilities

270 known vulnerabilities affecting debian/phpmyadmin.

Total CVEs

270

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL18HIGH27MEDIUM95LOW130

Vulnerabilities

Page 11 of 14

CVE-2009-3696MEDIUMCVSS 4.3fixed in phpmyadmin 4:3.2.2.1-1 (bookworm)2009

CVE-2009-3696 [MEDIUM] CVE-2009-3696: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 an... Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. Scope: local bookworm: resolved (fixed in 4:3.2.2.1-1) bullseye: resolved (fixed in 4:3.2.2.1-1) forky: resolved (fixed in 4:3.2.2.1-1) sid: resolved (fixed in 4:3

debian

CVE-2009-4605MEDIUMCVSS 5.0fixed in phpmyadmin 4:3.2.4-1 (bookworm)2009

CVE-2009-4605 [MEDIUM] CVE-2009-4605: phpmyadmin - scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 cal... scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. Scope: local bookworm: resolved (fixed in 4:3.2.4-1) bullseye: resolved (fixed i

debian

CVE-2009-1285LOWCVSS 7.5fixed in phpmyadmin 4:3.1.3.2-1 (bookworm)2009

CVE-2009-1285 [HIGH] CVE-2009-1285: phpmyadmin - Static code injection vulnerability in the getConfigFile function in setup/lib/C... Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. Scope: local bookworm: resolved (fixed in 4:3.1.3.2-1) bullseye: resolved (fixed in 4:3.1.3.2-1) forky: resolved (fixed in 4:3.1.3.2-1) sid: resolved (fixe

debian

CVE-2008-7252CRITICALCVSS 10.0fixed in phpmyadmin 4:3.0.0-1 (bookworm)2008

CVE-2008-7252 [CRITICAL] CVE-2008-7252: phpmyadmin - libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable fi... libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. Scope: local bookworm: resolved (fixed in 4:3.0.0-1) bullseye: resolved (fixed in 4:3.0.0-1) forky: resolved (fixed in 4:3.0.0-1) sid: resolved (fixed in 4:3.0.0-1) trixie: resolved (fixed in 4:3.0.0-1)

debian

CVE-2008-7251CRITICALCVSS 10.0fixed in phpmyadmin 4:3.0.0-1 (bookworm)2008

CVE-2008-7251 [CRITICAL] CVE-2008-7251: phpmyadmin - libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary... libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. Scope: local bookworm: resolved (fixed in 4:3.0.0-1) bullseye: resolved (fixed in 4:3.0.0-1) forky: resolved (fixed in 4:3.0.0-1) sid: resolved (fixed in 4:3.0.0-1) trixie: resolved (fixed in 4:3.0.0-1)

debian

CVE-2008-4096MEDIUMCVSS 8.5PoCfixed in phpmyadmin 4:2.11.8.1-2 (bookworm)2008

CVE-2008-4096 [HIGH] CVE-2008-4096: phpmyadmin - libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote... libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. Scope: local bookworm: resolved (fixed in 4:2.11.8.1-2) bullseye: resolved (fixed in 4:2.11.8.1-2) forky: resol

debian

CVE-2008-5621MEDIUMCVSS 6.0PoCfixed in phpmyadmin 4:2.11.8.1-5 (bookworm)2008

CVE-2008-5621 [MEDIUM] CVE-2008-5621: phpmyadmin - Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11... Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be l

debian

CVE-2008-1567MEDIUMCVSS 5.5fixed in phpmyadmin 2.11.5.1 (bookworm)2008

CVE-2008-1567 [MEDIUM] CVE-2008-1567: phpmyadmin - phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and t... phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. Scope: local bookworm: resolved (fixed in 2.11.5.1) bullseye: resolved (fixed in 2.11.5.1) forky: resolved (fixed in 2.11.5.1) sid: resolved (fixed in 2.11.

debian

CVE-2008-4326MEDIUMCVSS 4.3fixed in phpmyadmin 4:2.11.8.1-3 (bookworm)2008

CVE-2008-4326 [MEDIUM] CVE-2008-4326: phpmyadmin - The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin bef... The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. Scope: local bookworm: resolved (fixed in 4:2.11.8.1-3) bullseye: resolved (fixed in 4:

debian

CVE-2008-1924LOWCVSS 3.5fixed in phpmyadmin 4:2.11.5.2-1 (bookworm)2008

CVE-2008-1924 [LOW] CVE-2008-1924: phpmyadmin - Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared ... Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. Scope: local bookworm: resolved (fixed in 4:2.11.5.2-1) bullseye: resolved (fixed in 4:2.11.5.2-1) forky: res

debian

CVE-2008-3197LOWCVSS 3.5fixed in phpmyadmin 4:2.11.7.1-1 (bookworm)2008

CVE-2008-3197 [LOW] CVE-2008-3197: phpmyadmin - Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 al... Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection chara

debian

CVE-2008-1149LOWCVSS 5.1fixed in phpmyadmin 4:2.11.5-1 (bookworm)2008

CVE-2008-1149 [MEDIUM] CVE-2008-1149: phpmyadmin - phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of... phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. Scope: local bookworm: resolved (fixed in 4:2.11.5-1) bullseye: resolved (fixed in 4:2.11.5-1) f

debian

CVE-2008-2960LOWCVSS 2.6fixed in phpmyadmin 4:2.11.7~rc2-1 (bookworm)2008

CVE-2008-2960 [LOW] CVE-2008-2960: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when regis... Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. Scope: local bookworm: resolved (fixed in 4:2.11.7~rc2-1) bullseye: resolved (fixed in 4:2.11.7~rc2-1) forky:

debian

CVE-2008-3457LOWCVSS 2.6fixed in phpmyadmin 4:2.11.8~rc1-1 (bookworm)2008

CVE-2008-3457 [LOW] CVE-2008-3457: phpmyadmin - Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.... Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. Scope: local bookworm: resolved (fixed in 4:2.11.8~r

debian

CVE-2008-3456LOWCVSS 6.4fixed in phpmyadmin 4:2.11.8~rc1-1 (bookworm)2008

CVE-2008-3456 [MEDIUM] CVE-2008-3456: phpmyadmin - phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using fram... phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. Scope: local bookworm: resolved (fixed in 4:2.11.8~rc1-1) bullseye: resolved (fixed in 4:2.11.8~rc1-1) forky: resolved (fixed

debian

CVE-2008-4775LOWCVSS 6.8PoCfixed in phpmyadmin 4:2.11.8.1-4 (bookworm)2008

CVE-2008-4775 [MEDIUM] CVE-2008-4775: phpmyadmin - Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and... Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. Scope: local bookworm: resolved (fixed in 4:2.11.8.1-4

debian

CVE-2007-1395MEDIUMCVSS 4.3fixed in phpmyadmin 4:2.10.0.2-1 (bookworm)2007

CVE-2007-1395 [MEDIUM] CVE-2007-1395: phpmyadmin - Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.... Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase . Scope: local bookworm: resolved (fixed in 4:2.

debian

CVE-2007-0341MEDIUMCVSS 4.3fixed in phpmyadmin 4:2.9.1.1-2 (bookworm)2007

CVE-2007-0341 [MEDIUM] CVE-2007-0341: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when M... Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. Scope: local bookworm: resolved (fixed in 4:2.9.1.

debian

CVE-2007-6100MEDIUMCVSS 4.3fixed in phpmyadmin 4:2.11.2.2-1 (bookworm)2007

CVE-2007-6100 [MEDIUM] CVE-2007-6100: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php i... Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. Scope: local bookworm: resolved (fixed in 4:2

debian

CVE-2007-5589MEDIUMCVSS 4.3PoCfixed in phpmyadmin 4:2.11.1.2-1 (bookworm)2007

CVE-2007-5589 [MEDIUM] CVE-2007-5589: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.... Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2

debian

← Previous11 / 14Next →