| Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-1567 | 2.1 |
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
|
14-02-2024 - 15:31 | 31-03-2008 - 22:44 | |
| CVE-2008-5432 | 4.3 |
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
|
01-12-2020 - 14:43 | 11-12-2008 - 15:30 | |
| CVE-2008-5621 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table
|
29-09-2017 - 01:32 | 17-12-2008 - 02:30 | |
| CVE-2008-4096 | 8.5 |
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_func
|
08-08-2017 - 01:32 | 18-09-2008 - 15:04 | |
| CVE-2008-3197 | 3.5 |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) th
|
08-08-2017 - 01:31 | 16-07-2008 - 18:41 | |
| CVE-2008-2960 | 2.6 |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libr
|
08-08-2017 - 01:31 | 02-07-2008 - 17:14 | |
| CVE-2008-1924 | 3.5 |
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir v
|
08-08-2017 - 01:30 | 23-04-2008 - 16:05 | |
| CVE-2008-1149 | 5.1 |
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by usin
|
08-08-2017 - 01:29 | 04-03-2008 - 23:44 | |
| CVE-2008-4326 | 4.3 |
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte in
|
08-03-2011 - 03:12 | 30-09-2008 - 16:13 |