Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@3.4.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-19nn-dc48-nqdw
Aliases: CVE-2011-2718 GHSA-xhqq-554j-p4x8 |
Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code. |
Affected by 0 other vulnerabilities. |
|
VCID-46c2-r8g1-13ez
Aliases: CVE-2012-4345 GHSA-r3pq-mp8v-cp33 |
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9xb8-kz1v-43bt
Aliases: CVE-2011-2506 GHSA-p6h7-29r2-g88f |
Improper Control of Generation of Code ('Code Injection') setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. |
Affected by 0 other vulnerabilities. |
|
VCID-ejnb-3ya3-uqa6
Aliases: CVE-2011-1940 GHSA-4q58-5x28-53wv |
phpMyAdmin Vulnerable to Cross-Site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. |
Affected by 0 other vulnerabilities. |
|
VCID-jypm-yg7x-p3cn
Aliases: CVE-2011-4107 GHSA-q4mm-89q2-xffg |
Improper Restriction of XML External Entity Reference The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. |
Affected by 0 other vulnerabilities. |
|
VCID-kb9j-j8s4-3kbd
Aliases: CVE-2011-4634 GHSA-9j9h-cpgc-8356 |
Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code. |
Affected by 0 other vulnerabilities. |
|
VCID-kdu8-dzvr-fubc
Aliases: CVE-2011-3591 GHSA-3p87-w3c5-27gf |
phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) `js/functions.js` and (2) `js/tbl_structure.js`. |
Affected by 0 other vulnerabilities. |
|
VCID-qrm9-716c-2ybp
Aliases: CVE-2011-2505 GHSA-vqcm-r62w-w437 |
Improper Control of Generation of Code ('Code Injection') libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." |
Affected by 0 other vulnerabilities. |
|
VCID-vnwc-dh5c-9yex
Aliases: CVE-2011-3592 GHSA-5p69-rmx8-7gw7 |
phpMyAdmin Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in the `PMA_unInlineEditRow` function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation. |
Affected by 0 other vulnerabilities. |
|
VCID-wwm8-s1z9-23fg
Aliases: CVE-2011-1941 GHSA-v6fw-xf2c-8q43 |
phpMyAdmin Open Redirect in redirector Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-z6t5-jasy-vbfs
Aliases: CVE-2011-2508 GHSA-q6vw-39cg-wjjf |
phpMyAdmin Directory Traversal vulnerability Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. |
Affected by 0 other vulnerabilities. |
|
VCID-znfm-ak2t-mqdd
Aliases: CVE-2020-10803 GHSA-fcww-8wvc-38q9 |
phpMyAdmin SQL injection vulnerability In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. |
Affected by 6 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-ztma-5k5p-7yda
Aliases: CVE-2011-4782 GHSA-2h23-c973-x63q |
phpMyAdmin Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||