Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Phpmyadmin Subscribe
Total 270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5386 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2007-2016 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
CVE-2006-5718 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
CVE-2008-2960 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
CVE-2009-1151 2 Debian, Phpmyadmin 2 Debian Linux, Phpmyadmin 2026-04-22 7.5 HIGH 9.8 CRITICAL
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVE-2004-2630 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 7.5 HIGH N/A
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2006-1258 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2005-0992 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
CVE-2004-1055 2 Gentoo, Phpmyadmin 2 Linux, Phpmyadmin 2026-04-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
CVE-2004-2632 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 7.5 HIGH N/A
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
CVE-2005-2869 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2005-0459 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 5.0 MEDIUM N/A
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
CVE-2004-1147 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 10.0 HIGH N/A
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2006-2418 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
CVE-2004-1148 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 5.0 MEDIUM N/A
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
CVE-2005-3787 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
CVE-2001-0478 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 7.5 HIGH N/A
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
CVE-2004-0129 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 5.0 MEDIUM N/A
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
CVE-2005-0567 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
CVE-2005-3299 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 5.0 MEDIUM N/A
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.