12 matches found
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : phpMyAdmin vulnerabilities (USN-4843-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4843-1 advisory. Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could us...
USN-4639-1: phpMyAdmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...
openSUSE Security Update : phpMyAdmin (openSUSE-2019-1009)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245 : - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
PhpMyAdmin tbl_replace.php Local File Inclusion (CVE-2018-19968)
A local file inclusion vulnerability exists in phpMyAdmin. The vulnerability is due to improper sanitization of a column in the column info table. A remote, authenticated attacker could exploit this vulnerability by sending a request with crafted SQL statements to the target server. Successful...
[SECURITY] [DLA 1658-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u4 CVE ID : CVE-2018-19968 CVE-2018-19970 A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an...
openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:4124-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:4124-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities (PMASA-2018-6, PMASA-2018-8) - Windows
phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-19968
CVE-2018-19968 affects phpMyAdmin prior to 4.8.4. An attacker can leak the contents of a local file due to an error in the transformation feature. Exploitation requires access to the phpMyAdmin Configuration Storage tables (which can be created by the attacker in any database they can access) and...
phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities (PMASA-2018-6) (PMASA-2018-8)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.8.4. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in the transformation feature. An authenticated, remote attacker c...
Local file inclusion through transformation feature
PMASA-2018-6 Announcement-ID: PMASA-2018-6 Date: 2018-12-07 Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration...