Debian Phpmyadmin vulnerabilities

270 known vulnerabilities affecting debian/phpmyadmin.

Total CVEs: 270
CISA KEV: 1 (actively exploited)
Public exploits: 41
Exploited in wild: 3
Severity breakdown: CRITICAL 18, HIGH 27, MEDIUM 95, LOW 130

Vulnerabilities

Page 9 of 14
CVE-2012-1190, LOW, CVSS 4.3, fixed in phpmyadmin 4:3.4.10.1-1 (bookworm), 2012
CVE-2012-1190 [MEDIUM]: phpmyadmin - Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.
Scope: local
bookworm: resolved (fixed in 4:3.4.10.1-1); bullseye: resolved (fixed in 4:3.4.10.1-1); forky: resolved (fixed
debian
CVE-2012-5368, LOW, CVSS 4.3, 2012
CVE-2012-5368 [MEDIUM]: phpmyadmin - phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2012-5339, LOW, CVSS 3.5, 2012
CVE-2012-5339 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2012-4345, LOW, CVSS 3.5, fixed in phpmyadmin 4:3.4.11.1-1 (bookworm), 2012
CVE-2012-4345 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
Scope: local
bookworm: resolved (fixe
debian
CVE-2012-4579, LOW, CVSS 3.5, fixed in phpmyadmin 4:3.4.11.1-1 (bookworm), 2012
CVE-2012-4579 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for
debian
CVE-2012-1902, LOW, CVSS 4.3, fixed in phpmyadmin 4:3.4.10.2-1 (bookworm), 2012
CVE-2012-1902 [MEDIUM]: phpmyadmin - show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.
Scope: local
bookworm: resolved (fixed in 4:3.4.10.2-1); bullseye: resolved (fixed in 4:3.4.10.2-1); forky
debian
CVE-2011-1940, MEDIUM, CVSS 4.3, fixed in phpmyadmin 4:3.4.1-1 (bookworm), 2011
CVE-2011-1940 [MEDIUM]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
Scope: local
bookworm: resolved (fixed i
debian
CVE-2011-2718, MEDIUM, CVSS 6.0, fixed in phpmyadmin 4:3.4.3.2-1 (bookworm), 2011
CVE-2011-2718 [MEDIUM]: phpmyadmin - Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
Scope: local
bookworm: reso
debian
CVE-2011-0987, MEDIUM, CVSS 6.5, fixed in phpmyadmin 4:3.3.9.2-1 (bookworm), 2011
CVE-2011-0987 [MEDIUM]: phpmyadmin - The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark.
Scope: local
bookworm: resolved (fixed in 4:3.3.9.2-1); bullseye: re
debian
CVE-2011-1941, MEDIUM, CVSS 4.3, fixed in phpmyadmin 4:3.4.1-1 (bookworm), 2011
CVE-2011-1941 [MEDIUM]: phpmyadmin - Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 4:3.4.1-1); bullseye: resolved (fixed in 4:3.4.1-1); forky: resolved (fixed in 4:3.4.1-1); sid: resolved (fixed in 4:3.4
debian
CVE-2011-2505, MEDIUM, CVSS 6.4, PoC, fixed in phpmyadmin 4:3.4.3.1-1 (bookworm), 2011
CVE-2011-2505 [MEDIUM]: phpmyadmin - libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." Scop
debian
CVE-2011-4107, MEDIUM, CVSS 6.5, PoC, fixed in phpmyadmin 4:3.4.7.1-1 (bookworm), 2011
CVE-2011-4107 [MEDIUM]: phpmyadmin - The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Scope: local
bookworm: resolved (fixed in 4:3.4.7.1-1)
debian
CVE-2011-3181, MEDIUM, CVSS 4.3, fixed in phpmyadmin 4:3.4.4-1 (bookworm), 2011
CVE-2011-3181 [MEDIUM]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
Scope: local
bookworm: resolved (fixed in 4:3.4.4-1); bullseye: resolved (fixed in 4:3.4.4-1); forky: resolved (
debian
CVE-2011-2643, MEDIUM, CVSS 6.8, fixed in phpmyadmin 4:3.4.3.2-1 (bookworm), 2011
CVE-2011-2643 [MEDIUM]: phpmyadmin - Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.
Scope: local
bookworm: resolved (fixed in 4:3.4.3.2-1); bullseye: resolved (fixed in 4:3.4.3.2-1); fork
debian
CVE-2011-2508, MEDIUM, CVSS 6.0, fixed in phpmyadmin 4:3.4.3.1-1 (bookworm), 2011
CVE-2011-2508 [MEDIUM]: phpmyadmin - Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
Scope: local
bookworm:
debian
CVE-2011-3592, LOW, CVSS 3.5, fixed in phpmyadmin 4:3.4.5-1 (bookworm), 2011
CVE-2011-3592 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.
Scope: local
bookworm: resolved (fixed
debian
CVE-2011-3591, LOW, CVSS 3.5, fixed in phpmyadmin 4:3.4.5-1 (bookworm), 2011
CVE-2011-3591 [LOW]: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.
Scope: local
bookworm: resolve
debian
CVE-2011-4782, LOW, CVSS 4.3, fixed in phpmyadmin 4:3.4.9-1 (bookworm), 2011
CVE-2011-4782 [MEDIUM]: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
Scope: local
bookworm: resolved (fixed in 4:3.4.9-1); bullseye: resolved (fixed in 4:3.4.9-1); forky: resolved (fixed in 4:3.4.9-1); sid: resol
debian
CVE-2011-3646, LOW, CVSS 5.0, fixed in phpmyadmin 4:3.4.6-1 (bookworm), 2011
CVE-2011-3646 [MEDIUM]: phpmyadmin - phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.
Scope: local
bookworm: resolved (fixed in 4:3.4.6-1); bullseye: resolved (fixed in 4:3.4.6-1); forky: resolved (fixed in 4:3.4.6-1); sid: reso
debian
CVE-2011-2507, LOW, CVSS 6.5, fixed in phpmyadmin 4:3.4.3.1-1 (bookworm), 2011
CVE-2011-2507 [MEDIUM]: phpmyadmin - libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION supe
debian