Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmyadmin phpmyadmin 2.11.5.1 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2008-1567
phpMyAdmin prior to 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
Phpmyadmin Phpmyadmin
Debian Debian Linux 4.0
Fedoraproject Fedora 8
Fedoraproject Fedora 7
Opensuse Opensuse 10.2
Opensuse Opensuse 11.0
Opensuse Opensuse 10.3
NA
CVE-2014-1879
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin prior to 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.4.5.0
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 3.5.4
Phpmyadmin Phpmyadmin 4.1.2
Phpmyadmin Phpmyadmin 3.4.0.0
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 3.5.8.2
Phpmyadmin Phpmyadmin 3.5.2.2
Phpmyadmin Phpmyadmin 1.0.2
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 3.4.10.0
Phpmyadmin Phpmyadmin 2.11.5.0
NA
CVE-2011-2642
Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin prior to 3.3.10.3 and 3.4.x prior to 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
NA
CVE-2011-0986
phpMyAdmin 2.11.x prior to 2.11.11.2, and 3.3.x prior to 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote malicious users to obtain the installation path via a direct request for a nonexistent file.
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 2.11.11
NA
CVE-2011-0987
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x prior to 2.11.11.3, and 3.3.x prior to 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL que...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 2.11.11.2
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
NA
CVE-2010-4481
phpMyAdmin prior to 3.4.0-beta1 allows remote malicious users to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
NA
CVE-2010-4329
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x prior to 2.11.11.1 and 3.x prior to 3.3.8.1 allows remote malicious users to inject arbitrary web script or HTML via a cra...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 2.11.11
Phpmyadmin Phpmyadmin 2.11.4.0
NA
CVE-2010-3055
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x prior to 2.11.10.1 does not properly restrict key names in its output file, which allows remote malicious users to execute arbitrary PHP code via a crafted POST request.
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
Phpmyadmin Phpmyadmin 2.11.4.0
Phpmyadmin Phpmyadmin 2.11.2.1
Phpmyadmin Phpmyadmin 2.11.9.5
Phpmyadmin Phpmyadmin 2.11.10.0
Phpmyadmin Phpmyadmin 2.11.6.0
Phpmyadmin Phpmyadmin 2.11.7.0
Phpmyadmin Phpmyadmin 2.11.9.6
Phpmyadmin Phpmyadmin 2.11.2.0
Phpmyadmin Phpmyadmin 2.11.9.2
Phpmyadmin Phpmyadmin 2.11.9.3
Phpmyadmin Phpmyadmin 2.11.1.1
Phpmyadmin Phpmyadmin 2.11.9.4
Phpmyadmin Phpmyadmin 2.11.7.1
Phpmyadmin Phpmyadmin 2.11.3.0
NA
CVE-2010-3056
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x prior to 2.11.10.1 and 3.x prior to 3.3.5.1 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages...
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
Phpmyadmin Phpmyadmin 2.11.4.0
Phpmyadmin Phpmyadmin 2.11.2.1
Phpmyadmin Phpmyadmin 2.11.9.5
Phpmyadmin Phpmyadmin 2.11.10.0
Phpmyadmin Phpmyadmin 2.11.6.0
Phpmyadmin Phpmyadmin 2.11.7.0
Phpmyadmin Phpmyadmin 2.11.9.6
Phpmyadmin Phpmyadmin 2.11.2.0
Phpmyadmin Phpmyadmin 2.11.9.2
Phpmyadmin Phpmyadmin 2.11.9.3
Phpmyadmin Phpmyadmin 2.11.1.1
Phpmyadmin Phpmyadmin 2.11.9.4
Phpmyadmin Phpmyadmin 2.11.7.1
Phpmyadmin Phpmyadmin 2.11.3.0
NA
CVE-2008-7251
libraries/File.class.php in phpMyAdmin 2.11.x prior to 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
Phpmyadmin Phpmyadmin 2.11.4
Phpmyadmin Phpmyadmin 2.11.0rc1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.3rc1
Phpmyadmin Phpmyadmin 2.11.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 2.11.6rc1
Phpmyadmin Phpmyadmin 2.11.1rc1
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 2.11.0
Phpmyadmin Phpmyadmin 2.11.2
Phpmyadmin Phpmyadmin 2.11.7
Phpmyadmin Phpmyadmin 2.11.5
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.4rc1
Phpmyadmin Phpmyadmin 2.11.5rc1
Phpmyadmin Phpmyadmin 2.11.8
Phpmyadmin Phpmyadmin 2.11.4.0
Phpmyadmin Phpmyadmin 2.11.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »