| Max CVSS | 5.1 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-1567 | 2.1 |
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
|
14-02-2024 - 15:31 | 31-03-2008 - 22:44 | |
| CVE-2008-2960 | 2.6 |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libr
|
08-08-2017 - 01:31 | 02-07-2008 - 17:14 | |
| CVE-2008-1924 | 3.5 |
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir v
|
08-08-2017 - 01:30 | 23-04-2008 - 16:05 | |
| CVE-2008-1149 | 5.1 |
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by usin
|
08-08-2017 - 01:29 | 04-03-2008 - 23:44 |