Debian Phpmyadmin vulnerabilities

270 known vulnerabilities affecting debian/phpmyadmin.

Total CVEs: 270
CISA KEV: 1 (actively exploited)
Public exploits: 41
Exploited in wild: 3
Severity breakdown: CRITICAL 18, HIGH 27, MEDIUM 95, LOW 130

Vulnerabilities

Page 14 of 14
CVE-2005-0459 | LOW | CVSS 5.0 | fixed in phpmyadmin 4:2.6.2 (bookworm) | 2005
CVE-2005-0459 [MEDIUM] phpmyadmin - phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
Scope: local
bookworm: resolved (fixed in 4:2.6.2), bullseye: resolved (fixed in 4:2.6.2), forky: resolved (fixed in 4:2.6.2), sid: resolved (fixed in 4:2.6
debian
CVE-2005-4079 | LOW | CVSS 5.0 | 2005
CVE-2005-4079 [MEDIUM] phpmyadmin - The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
Scope: local
bookworm: resolved, bullseye: resolved, forky: resolved, sid: resolved, trixie: resolved
debian
CVE-2005-1392 | LOW | CVSS 4.6 | 2005
CVE-2005-1392 [MEDIUM] phpmyadmin - The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
Scope: local
bookworm: resolved, bullseye: resolved, forky: resolved, sid: resolved, trixie: resolved
debian
CVE-2004-1147 | CRITICAL | CVSS 10.0 | PoC | fixed in phpmyadmin 2:2.6.1-rc1-1 (bookworm) | 2004
CVE-2004-1147 [CRITICAL] phpmyadmin - phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
Scope: local
bookworm: resolved (fixed in 2:2.6.1-rc1-1), bullseye: resolved (fixed in 2:2.6.1-rc1-1), forky: resolved (fixed in 2:2.6.1-rc1-1), sid: resolved (fixed in 2:2.6.1-rc1-1), trixie:
debian
CVE-2004-2632 | HIGH | CVSS 7.5 | fixed in phpmyadmin 1:2.5.7-pl1-1 (bookworm) | 2004
CVE-2004-2632 [HIGH] phpmyadmin - phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
Scope: local
bookworm: resolved (fixed in 1:2.5.7-pl1-1), bullseye: resolved (fixed in 1:2.5.7-pl1-1), forky: resolved (fixed in 1:2.5.7-pl1-1), sid: resolved (fixed in 1:2.5.7-pl1-1), trixie: resolv
debian
CVE-2004-2631 | HIGH | CVSS 7.5 | PoC | fixed in phpmyadmin 1:2.5.7-pl1-1 (bookworm) | 2004
CVE-2004-2631 [HIGH] phpmyadmin - Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
Scope: local
bookworm: resolved (fixed in 1:2.5.7-pl1-1), bullseye: resolved (fixed in 1:2.5.7-pl1-1), forky: resolved (fixed in 1:2.5.7-pl1-1), sid: resolved (fixed in 1:2.5.7-pl1-1), tr
debian
CVE-2004-2630 | HIGH | CVSS 7.5 | fixed in phpmyadmin 2:2.6.0-pl2-1 (bookworm) | 2004
CVE-2004-2630 [HIGH] phpmyadmin - The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
Scope: local
bookworm: resolved (fixed in 2:2.6.0-pl2-1), bullseye: resolved (fixed in 2:2.6.0-pl2-1), forky: resolved (fixed in 2:2.6.0-pl2-1), sid: res
debian
CVE-2004-1055 | MEDIUM | CVSS 6.8 | fixed in phpmyadmin 2:2.6.0-pl3-1 (bookworm) | 2004
CVE-2004-1055 [MEDIUM] phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
Scope: local
bookworm: resolved (fixed i
debian
CVE-2004-0129 | MEDIUM | CVSS 5.0 | PoC | fixed in phpmyadmin 2:2.6.0-pl2 (bookworm) | 2004
CVE-2004-0129 [MEDIUM] phpmyadmin - Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
Scope: local
bookworm: resolved (fixed in 2:2.6.0-pl2), bullseye: resolved (fixed in 2:2.6.0-pl2), forky: resolved (fixed in 2:2.6.0-pl2), sid: resolved (fixed in 2:2.6.0-pl2), trixie: resolv
debian
CVE-2004-1148 | MEDIUM | CVSS 5.0 | fixed in phpmyadmin 2:2.6.1-rc1-1 (bookworm) | 2004
CVE-2004-1148 [MEDIUM] phpmyadmin - phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
Scope: local
bookworm: resolved (fixed in 2:2.6.1-rc1-1), bullseye: resolved (fixed in 2:2.6.1-rc1-1), forky: resolved (fixed in 2:2.6.1-rc1-1), sid: resolved (fixed in 2:2.6.1-rc1-1), trixie: resolved (fixed in 2:2.6
debian