Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0459 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 7.5 HIGH | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | |||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 7.5 HIGH | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | |||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 7.5 HIGH | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | |||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 10.0 HIGH | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-1055 | 2 Gentoo, Phpmyadmin | 2 Linux, Phpmyadmin | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. | |||||
| CVE-2004-0129 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. | |||||
| CVE-2001-1060 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 7.5 HIGH | N/A |
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. | |||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||