CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
98.8%
Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly
managed input in the form of passwords. An attacker could use this
vulnerability to cause a denial-of-service (DoS). This issue only
affected Ubuntu 14.04 ESM. (CVE-2014-9218)
Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize
input in the form of database names in the PHP Array export feature.
An authenticated attacker could use this vulnerability to run arbitrary
PHP commands. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2016-6609)
Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize
input. An attacker could use this vulnerability to execute SQL injection
attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2016-6619)
Emanuel Bronshtein discovered that phpMyadmin failed to properly sanitize
input. An authenticated attacker could use this vulnerability to cause a
denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and
Ubuntu 16.04 ESM. (CVE-2016-6630)
Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize
input. An attacker could use this vulnerability to bypass AllowRoot
restrictions and deny rules for usernames. This issue only affected Ubuntu
14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9849)
Emanuel Bronshtein discovered that phpMyAdmin would allow sensitive
information to be leaked when the argument separator in a URL was
not the default & value. An attacker could use this vulnerability to
obtain the CSRF token of a user. This issue only affected Ubuntu
14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9866)
Isaac Bennetch discovered that phpMyAdmin was incorrectly restricting
user access due to the behavior of the substr function on some PHP
versions. An attacker could use this vulnerability to bypass login
restrictions established for users that have no password set. This
issue only affected Ubuntu 14.04 ESM. This issue only affected Ubuntu
14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-18264)
Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize
input in the form of parameters sent during a table editing operation. An
attacker could use this vulnerability to trigger an endless recursion
and cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04
ESM and Ubuntu 16.04 ESM. (CVE-2017-1000014)
Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize
input used to generate a web page. An authenticated attacker could use this
vulnerability to execute CSS injection attacks. This issue only affected
Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000015)
It was discovered that phpMyAdmin incorrectly handled certain input. An
attacker could use this vulnerability to execute a cross-site scripting (XSS)
attack via a crafted URL. This issue only affected Ubuntu 16.04 ESM.
(CVE-2018-7260)
It was discovered phpMyAdmin incorrectly handled database names. An
attacker could possibly use this to trigger a cross-site scripting
attack. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2018-12581)
Daniel Le Gall discovered that phpMyAdmin would expose sensitive
information to unauthorized actors due to an error in its transformation
feature. An authenticated attacker could use this vulnerability to leak
the contents of a local file. This issue only affected Ubuntu 14.04 ESM
and Ubuntu 16.04 ESM. (CVE-2018-19968)
It was discovered that phpMyAdmin incorrectly handled user input. An
attacker could possibly use this to perform a cross-site scripting attack.
This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19970)
It was discovered that phpMyAdmin failed to properly sanitize input. An
attacker could use this vulnerability to execute an SQL injection attack
via a specially crafted database name. This issue only affected Ubuntu
16.04 ESM. (CVE-2019-11768)
It was discovered that phpMyAdmin incorrectly handled some requests. An
attacker could possibly use this to perform a cross site request forgery
attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-12616)
It was discovered that phpMyAdmin incorrectly handled some requests. An
attacker could possibly use this to perform a cross site request forgery
attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM.
(CVE-2019-12922)
It was discovered that phpMyAdmin failed to properly sanitize input. An
attacker could use this vulnerability to execute an SQL injection attack
via a specially crafted username. This issue only affected Ubuntu 16.04 ESM.
(CVE-2019-6798)
It was discovered that phpMyAdmin did not properly sanitize certain input.
An attacker could use this vulnerability to possibly execute an HTML injection
or a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04
ESM and Ubuntu 16.04 ESM. (CVE-2019-19617)
CSW Research Labs discovered that phpMyAdmin failed to properly sanitize
input. An attacker could use this vulnerability to execute SQL injection
attacks. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-5504)
Giwan Go and Yelang Lee discovered that phpMyAdmin was vulnerable to an
XSS attack in the transformation feature. If a victim were to click on a
crafted link, an attacker could run malicious JavaScript on the victimโs
system. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2020-26934)
Andre Sรก discovered that phpMyAdmin incorrectly handled certain SQL
statements in the search feature. A remote, authenticated attacker could
use this to inject malicious SQL into a query. This issue only affected
Ubuntu 20.04 ESM. (CVE-2020-26935)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.04 | noarch | phpmyadmin | <ย 4:4.9.5+dfsg1-2ubuntu0.1~esm1 | UNKNOWN |
Ubuntu | 20.04 | noarch | phpmyadmin | <ย 4:4.9.5+dfsg1-2 | UNKNOWN |
Ubuntu | 18.04 | noarch | phpmyadmin | <ย 4:4.6.6-5ubuntu0.5+esm1 | UNKNOWN |
Ubuntu | 18.04 | noarch | phpmyadmin | <ย 4:4.6.6-5ubuntu0.5 | UNKNOWN |
Ubuntu | 16.04 | noarch | phpmyadmin | <ย 4:4.5.4.1-2ubuntu2.1+esm6 | UNKNOWN |
Ubuntu | 16.04 | noarch | phpmyadmin | <ย 4:4.5.4.1-2ubuntu2.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | phpmyadmin | <ย 4:4.0.10-1ubuntu0.1+esm4 | UNKNOWN |
Ubuntu | 14.04 | noarch | phpmyadmin | <ย 4:4.0.10-1ubuntu0.1 | UNKNOWN |
ubuntu.com/security/CVE-2014-9218
ubuntu.com/security/CVE-2016-6609
ubuntu.com/security/CVE-2016-6619
ubuntu.com/security/CVE-2016-6630
ubuntu.com/security/CVE-2016-9849
ubuntu.com/security/CVE-2016-9866
ubuntu.com/security/CVE-2017-1000014
ubuntu.com/security/CVE-2017-1000015
ubuntu.com/security/CVE-2017-18264
ubuntu.com/security/CVE-2018-12581
ubuntu.com/security/CVE-2018-19968
ubuntu.com/security/CVE-2018-19970
ubuntu.com/security/CVE-2018-7260
ubuntu.com/security/CVE-2019-11768
ubuntu.com/security/CVE-2019-12616
ubuntu.com/security/CVE-2019-12922
ubuntu.com/security/CVE-2019-19617
ubuntu.com/security/CVE-2019-6798
ubuntu.com/security/CVE-2020-26934
ubuntu.com/security/CVE-2020-26935
ubuntu.com/security/CVE-2020-5504
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
98.8%