135 matches found
XSS on Insert page
PMASA-2025-2 Announcement-ID: PMASA-2025-2 Date: 2025-01-20 Updated: 2025-01-23 Summary XSS on Insert page Description An XSS vulnerability has been discovered with the phpMyAdmin "Insert" tab. Severity We consider this vulnerability to be of moderate severity. Affected Versions phpMyAdmin versio...
XSS vulnerability in drag-and-drop upload
PMASA-2023-1 Announcement-ID: PMASA-2023-1 Date: 2023-02-07 Summary XSS vulnerability in drag-and-drop upload Description An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface...
Multiple XSS and HTML injection attacks in setup script
PMASA-2022-2 Announcement-ID: PMASA-2022-2 Date: 2022-01-10 Summary Multiple XSS and HTML injection attacks in setup script Description A series of weaknesses has been discovered that could allow an attacker to inject malicious code in to aspects of the setup script, which can allow XSS or HTML...
SQL injection relating to data display
PMASA-2020-4 Announcement-ID: PMASA-2020-4 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection relating to data display Description An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attac...
SQL injection with processing username
PMASA-2020-2 Announcement-ID: PMASA-2020-2 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection with processing username Description An SQL injection vulnerability was found in how phpMyAdmin retrieves the current username. A malicious user with access to the server could create a...
SQL injection relating to searching
PMASA-2020-3 Announcement-ID: PMASA-2020-3 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection relating to searching Description An SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions within...
SQL injection in user accounts page
PMASA-2020-1 Announcement-ID: PMASA-2020-1 Date: 2020-01-05 Summary SQL injection in user accounts page Description A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An...
SQL injection in Designer feature
PMASA-2019-5 Announcement-ID: PMASA-2019-5 Date: 2019-10-28 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. This is similar to PMASA-2019-2 and...
openSUSE Security Update : phpMyAdmin (openSUSE-2019-1689)
This update for phpMyAdmin fixes the following issues : phpMyAdmin was updated to 4.9.0.1 : - Several issues with SYSTEM VERSIONING tables - Fixed json encode error in export - Fixed JavaScript events not activating on input sql bookmark issue - Show Designer combo boxes when adding a constraint ...
SQL injection in Designer feature
PMASA-2019-3 Announcement-ID: PMASA-2019-3 Date: 2019-05-06 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. Severity We consider this vulnerabili...
SQL injection in Designer feature
PMASA-2019-2 Announcement-ID: PMASA-2019-2 Date: 2019-01-22 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature. Severity We consider this vulnerability to...
Arbitrary file read vulnerability
PMASA-2019-1 Announcement-ID: PMASA-2019-1 Date: 2019-01-21 Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmi...
XSS vulnerability in navigation tree
PMASA-2018-8 Announcement-ID: PMASA-2018-8 Date: 2018-12-07 Summary XSS vulnerability in navigation tree Description A Cross-Site Scripting vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a specially-crafted database/table name. Severity W...
Local file inclusion through transformation feature
PMASA-2018-6 Announcement-ID: PMASA-2018-6 Date: 2018-12-07 Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration...
XSS in the import dialog
PMASA-2018-5 Announcement-ID: PMASA-2018-5 Date: 2018-08-21 Summary XSS in the import dialog Description A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Severity We consider th...
phpMyAdmin Authenticated Remote Code Execution Exploit
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...
File inclusion and remote code execution attack
PMASA-2018-4 Announcement-ID: PMASA-2018-4 Date: 2018-06-19 Updated: 2018-06-21 Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of...
XSS in Designer feature
PMASA-2018-3 Announcement-ID: PMASA-2018-3 Date: 2018-06-19 Updated: 2018-06-21 Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Severity...
Self XSS in central columns feature
PMASA-2018-1 Announcement-ID: PMASA-2018-1 Date: 2018-02-20 Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigati...
XSRF/CSRF vulnerability in phpMyAdmin
PMASA-2017-9 Announcement-ID: PMASA-2017-9 Date: 2017-12-20 Updated: 2018-01-03 Summary XSRF/CSRF vulnerability in phpMyAdmin Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...