MidnightBSD

Advisories for phppgadmin

CVE-2001-0479 HIGH

Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phppgadmin phppgadmin 2.2
phppgadmin phppgadmin 2.2.1

CVE-2005-2256 MEDIUM

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phppgadmin phppgadmin 3.4
phppgadmin phppgadmin 3.2
phppgadmin phppgadmin 3.5.3
phppgadmin phppgadmin 3.3
phppgadmin phppgadmin 3.4.1
phppgadmin phppgadmin 3.1

CVE-2011-3598 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phppgadmin phppgadmin 3.4
phppgadmin phppgadmin 5.0.0
phppgadmin phppgadmin 5.0.1
phppgadmin phppgadmin 2.2.1
phppgadmin phppgadmin 3.5.3
phppgadmin phppgadmin 4.1.1
phppgadmin phppgadmin 3.4.1
phppgadmin phppgadmin 4.2.1
phppgadmin phppgadmin 3.2
phppgadmin phppgadmin 2.2
phppgadmin phppgadmin 3.5.2
phppgadmin phppgadmin 4.2.3
phppgadmin phppgadmin 3.3
phppgadmin phppgadmin *
phppgadmin phppgadmin 3.1
phppgadmin phppgadmin 3.5
phppgadmin phppgadmin 4.2.2