phpMyAdmin 5.1.x < 5.1.3 Information Disclosure
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...
phpMyAdmin 4.9.x < 4.9.10 Information Disclosure
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...
VulnCheck KEV: CVE-2018-12613
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...
phpmyadmin.cumulos.co Improper Access Control vulnerability OBB-3044387
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-2407
The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2407
CVE-2022-2407 affects the WP phpMyAdmin WordPress plugin prior to version 5.2.0.4. The issue is that certain settings are not escaped, which could allow high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting when the unfiltered_html capability is disallowed (as in multisit...
WordPress Plugin WP phpMyAdmin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-16449 · WordPress · Wp Phpmyadmin
Name of the Vulnerable Software and Affected Versions: WP phpMyAdmin WordPress plugin versions prior to 5.2.0.4. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a...
phpmyadmin.centralinfo.com.au Cross Site Scripting vulnerability OBB-2825714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: Put the following payload in the "phpMyAdmin on hosting" setting...
WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin versions <= 5.2.0.3. Solution: Update the WordPress WP phpMyAdmin plugin to the latest available version (at least 5.2.0.4)...
WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup. Put the following payload in the "phpMyAdmin on hosting" settings...
phpMyAdmin 5.1.x < 5.1.2 Two Factor Authentication Bypass
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.8 or 5.1.x prior to 5.1.2. It is, therefore, affected by a flaw which may permit a user to bypass two factor authentication for their account. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 4.8.x < 4.8.0-1 Cross-Site Request Forgery
The version of phpMyAdmin installed on the remote host permits an attack to deceive a user into clicking on a crafted URL link, which may permit the attacker to execute arbitrary SQL commands. Note that the scanner has not tested for these issues but has instead relied only on the application's...
phpMyAdmin 4.x < 4.8.4 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host does not correctly sanitize database/table names, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
phpMyAdmin 4.9.x < 4.9.8 Two Factor Authentication Bypass
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.8 or 5.1.x prior to 5.1.2. It is, therefore, affected by a flaw which may permit a user to bypass two factor authentication for their account. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 4.7.7 < 4.9.2 SQL Injection
The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to exposure to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...
phpMyAdmin 5.0.x < 5.0.2 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...
phpMyAdmin 4.5.x < 4.8.5 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly handle malicious usernames leading to a SQL injection attack through the designer feature. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number...
phpMyAdmin 4.x < 4.8.3 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host does not correctly handle malicious filenames, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...