6026 matches found

Tenable Nessus
added 2022/07/11 12:0 a.m. | 66 views

phpMyAdmin 4.x < 4.8.5 Arbitrary File Read

The version of phpMyAdmin installed on the remote host does not correctly block access to LOAD DATA INFILE function leading to an attacker being able to read any file on the filesystem accessible with the web server permissions. Note that the scanner has not tested for these issues but has instea...

CVSS: 5.9 | AI score: 7.3 | EPSS: 0.15586
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 209 views

phpMyAdmin 5.0.x < 5.0.1 SQL Injection

The version of phpMyAdmin installed on the remote host does not correctly deal with malicious SQL injected in place of a valid username when creating queries on the user accounts page leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.38778
Exploits: 4 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 40 views

phpMyAdmin < 4.8.6 SQL Injection

The version of phpMyAdmin installed on the remote host does not correctly handle malicious database names in the Designer feature leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.04196
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 24 views

phpMyAdmin 4.8.x < 4.8.2 Remote Code Execution

The version of phpMyAdmin installed on the remote host does not correctly handle page redirections and an improper test for allowed pages leading to execution of arbitrary code and/or viewing of sensitive files. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS: 8.8 | AI score: 10 | EPSS: 0.98391
Exploits: 20 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 12 views

phpMyAdmin 4.x < 4.8.2 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01818
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 41 views

phpMyAdmin 5.0.x < 5.0.3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting attack (XSS) vulnerability if a user clicks o...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.6731
Exploits: 1 | References: 4
Tenable Nessus
added 2022/07/11 12:0 a.m. | 44 views

phpMyAdmin 4.9.x < 4.9.6 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting attack (XSS) vulnerability if a user clicks o...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.6731
Exploits: 1 | References: 4
Tenable Nessus
added 2022/07/11 12:0 a.m. | 34 views

phpMyAdmin 4.7.x < 4.7.8 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not sanitize user input used for the dbcentralcolumns parameter leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.01679
Exploits: 1 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 19 views

phpMyAdmin 4.8.x < 4.9.4 SQL Injection

The version of phpMyAdmin installed on the remote host does not correctly deal with malicious SQL injected in place of a valid username when creating queries on the user accounts page leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.38778
Exploits: 4 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 34 views

phpMyAdmin 4.x < 4.9.0 Cross-Site Request Forgery

The version of phpMyAdmin is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the login form leading to potentially allowing an attacker to perform SQL injection. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

CVSS: 6.5 | AI score: 8.3 | EPSS: 0.19184
Exploits: 4 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 23 views

phpMyAdmin 4.9.x < 4.9.5 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...

CVSS: 8 | AI score: 7.3 | EPSS: 0.02694
Exploits: 0 | References: 6
Tenable Nessus
added 2022/07/11 12:0 a.m. | 84 views

phpMyAdmin 4.x < 4.8.4 Local File Inclusion

The version of phpMyAdmin installed on the remote host has a flaw in the transformation feature which may permit an authenticated attacker to leak contents of local files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.03254
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 36 views

phpMyAdmin 4.7.x < 4.8.4 Cross-Site Request Forgery

The version of phpMyAdmin installed on the remote host is affected by a Cross-Site Request Forgery (XSRF/CSRF) vulnerability leading to injection of harmful SQL queries. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.01065
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/11 12:0 a.m. | 13 views

phpMyAdmin 5.1.x < 5.1.2 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host has a series of weaknesses in the setup script, which can be abused to perform injection of Cross-Site Scripting (XSS) or HTML injection vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.07965
Exploits: 2 | References: 2
OSSF Malicious Packages
added 2022/06/20 8:13 p.m. | 2 views

Malicious code in phpmyadmin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1554572f62f66f781c39beac2b19170401216f0d4d9a828358a89793b7fdcc46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1
OSV
added 2022/06/20 8:13 p.m. | 9 views

MAL-2022-5327 Malicious code in phpmyadmin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1554572f62f66f781c39beac2b19170401216f0d4d9a828358a89793b7fdcc46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1
OSV
added 2022/05/24 10:0 p.m. | 22 views

GHSA-4C9Q-64GQ-XHX4 phpMyAdmin Cross-Site Request Forgery (CSRF)

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.10182
Exploits: 5 | References: 11
Github Security Blog
added 2022/05/24 10:0 p.m. | 27 views

phpMyAdmin Cross-Site Request Forgery (CSRF)

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.10182
Exploits: 5 | References: 12 | Affected Software: 1
OSV
added 2022/05/24 5:30 p.m. | 22 views

GHSA-6349-53VR-7HCR phpMyAdmin Cross-site Scripting (XSS)

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.02163
Exploits: 0 | References: 14
OSV
added 2022/05/24 5:30 p.m. | 20 views

GHSA-7FF4-CV53-4CJQ phpMyAdmin SQL injection vulnerability

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.6731
Exploits: 1 | References: 12