Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@3.5.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2ae2-s3dp-b7g2
Aliases: CVE-2012-4579 GHSA-q7v2-w38r-pv7v |
phpMyAdmin Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. |
Affected by 0 other vulnerabilities. |
|
VCID-57hj-3vk6-a3dk
Aliases: CVE-2013-3239 GHSA-gg36-9346-9qx9 |
phpMyAdmin Remote Code Execution phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. |
Affected by 0 other vulnerabilities. |
|
VCID-6prg-vq7d-dfcc
Aliases: CVE-2013-4997 GHSA-5gh4-v2ch-pcx4 |
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. |
Affected by 0 other vulnerabilities. |
|
VCID-hffe-weqz-p7bt
Aliases: CVE-2012-5368 GHSA-xpxp-v33m-5jp9 |
phpMyAdmin Unsafe Fetching of Javascript Code phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. |
Affected by 0 other vulnerabilities. |
|
VCID-qzk4-3xtf-r3g4
Aliases: CVE-2012-4345 GHSA-r3pq-mp8v-cp33 |
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. |
Affected by 0 other vulnerabilities. |
|
VCID-tg3n-aa68-fufj
Aliases: CVE-2012-5339 GHSA-rfpg-2fp8-2fph |
phpMyAdmin multiple cross-site scripting vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. |
Affected by 0 other vulnerabilities. |
|
VCID-tzn2-z2yc-7ue7
Aliases: CVE-2013-5002 GHSA-p632-5w74-x8xx |
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value Cross-site scripting (XSS) vulnerability in `libraries/schema/Export_Relation_Schema.class.php` in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. |
Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 18 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||