PT-2023-5455 · Unknown · Phppgadmin

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.14.4 and earlier Description: The issue is related to the unserialize function in the phpPgAdmin web tool for administering PostgreSQL databases, which is vulnerable due to shortcomings in the deserialization mechanism...

SUSE CVE-2007-2865

Cross-site scripting XSS vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter...

SUSE CVE-2007-5728

Cross-site scripting XSS vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHPSELF in 1 redirect.php, possibly related to 2 login.php, different vectors than CVE-2007-2865...

SUSE CVE-2008-5587

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when registerglobals is enabled, allows remote attackers to read arbitrary files via a .. dot dot in the language parameter to index.php...

SUSE CVE-2011-3598

Multiple cross-site scripting XSS vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via 1 a web page title, related to classes/Misc.php; or the 2 returnurl or 3 returndesc parameter to display.php...

SUSE CVE-2012-1600

Multiple cross-site scripting XSS vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 type of a function...

SUSE CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

Security update for phpPgAdmin (critical)

openSUSE Security Update: Security update for phpPgAdmin Announcement ID: openSUSE-SU-2022:10065-1 Rating: critical References: 1162794 Cross-References: CVE-2019-10784 CVSS scores: CVE-2019-10784 NVD : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2019-10784 SUSE: 9.6...

openSUSE 15 Security Update : phpPgAdmin (openSUSE-SU-2022:10065-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10065-1 advisory. - phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such...

OPENSUSE-SU-2022:10065-1 Security update for phpPgAdmin

This update for phpPgAdmin fixes the following issues: - CVE-2019-10784: Fixed improper source validation that could lead to CSRF boo1162794...

Mageia: Security Advisory (MGASA-2021-0074)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

in adodb/adodb

Description An attacker can inject values into the PostgreSQL connection string by bypassing adodbaddslashes . The function can be bypassed in phppgadmin for example by surrounding the username in quotes and submitting with other parameters injected in between. Proof of Concept I'm going to use...

MGASA-2021-0074 Updated phppgadmin package fixes a security vulnerability

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, database.php does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit...

Updated phppgadmin package fixes a security vulnerability

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, database.php does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit...

phpPgAdmin <= 7.13.0 CSRF Vulnerability

phpPgAdmin is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

DEBIAN-CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

UBUNTU-CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...

CVE-2019-10784

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to vis...