
91 matches found

OSV
added 2022/05/17 5:19 a.m. | 1 view

GHSA-9J9H-CPGC-8356 phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 6.5 | AI score 6 | EPSS 0.0221
Exploits 1 | References 13
OSV
added 2022/05/14 3:14 a.m. | 6 views

GHSA-44VV-MM86-7CG6 phpMyAdmin server-side request forgery (SSRF)

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 8.6 | AI score 8.9 | EPSS 0.01927
Exploits 0 | References 4
Github Security Blog
added 2022/05/14 3:14 a.m. | 8 views

phpMyAdmin server-side request forgery (SSRF)

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 8.6 | AI score 7.3 | EPSS 0.01927
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/14 2:8 a.m. | 7 views

GHSA-CR65-P662-FX5C phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...

CVSS 6.1 | AI score 6.4 | EPSS 0.02182
Exploits 0 | References 16
OSV
added 2022/05/14 2:8 a.m. | 5 views

GHSA-6Q2J-8H8Q-46MR phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error messa...

CVSS 6.1 | AI score 6.4 | EPSS 0.0132
Exploits 0 | References 13
Github Security Blog
added 2022/05/14 2:8 a.m. | 9 views

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...

CVSS 6.1 | AI score 5.7 | EPSS 0.02182
Exploits 0 | References 16 | Affected Software 1
Github Security Blog
added 2022/05/14 2:8 a.m. | 9 views

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error messa...

CVSS 6.1 | AI score 5.7 | EPSS 0.0132
Exploits 0 | References 13 | Affected Software 1
NCSC
added 2020/11/25 12:0 a.m. | 3 views

Vulnerabilities fixed in PHPMyAdmin

Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities potentially allow an unauthenticated malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), SQL Injection, Access to...

CVSS 9.8 | AI score 6.7 | EPSS 0.67081
Exploits 10
Hacker One
added 2020/07/05 11:39 a.m. | 24 views

Engel & Völkers Technology GmbH: Improper authentication on phpmyadmin portal which is hosted in https://eventapp.engelvoelkers.com

Summary: Hi Team, the following domain https://eventapp.engelvoelkers.com/ publicly exposes a phpmyadmin portal and the authentication mechanism is poorly configured. On response manipulation, the application gives access to the internal structure of the phpmyadmin portal, which discloses many internal paths and sta...

AI score 0.1
Exploits 0
OSV
added 2017/02/03 9:39 p.m. | 9 views

MGASA-2017-0038 Updated phpmyadmin packages fix security vulnerabilities

Multiple vulnerabilities in setup script (CVE-2016-6621 / PMASA-2016-44). Open redirect (PMASA-2017-1). php-gettext code execution (CVE-2015-8980 / PMASA-2017-2). DOS vulnerability in table editing (PMASA-2017-3). CSS injection in themes (PMASA-2017-4). SSRF in replication (PMASA-2017-6). DOS in replication...

CVSS 9.8 | AI score 9.1 | EPSS 0.06711
Exploits 1 | References 12
OSV
added 2016/12/09 8:42 a.m. | 10 views

MGASA-2016-0416 Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.9, when the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where this value is created using a weak algorithm. This could allow an attacker to determine the user's...

CVSS 9.8 | AI score 7 | EPSS 0.02542
Exploits 0 | References 16
OSV
added 2016/08/31 3:32 p.m. | 17 views

MGASA-2016-0291 Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector (IV) is used to hash the username and...

CVSS 10 | AI score 7.9 | EPSS 0.0475
Exploits 0 | References 29
OSV
added 2016/07/03 1:59 a.m. | 12 views

CVE-2016-5732

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

CVSS 6.1 | AI score 6
Exploits 0 | References 4
OSV
added 2016/07/03 1:59 a.m. | 5 views

CVE-2016-5705

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error messa...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 11
OSV
added 2016/03/01 11:59 a.m. | 8 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

CVSS 5.4 | AI score 5.6
Exploits 0 | References 12
OSV
added 2015/05/26 3:59 p.m. | 8 views

CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

AI score 7
Exploits 0 | References 7
OSV
added 2014/11/05 11:55 a.m. | 8 views

CVE-2014-8326

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...

AI score 5.8
Exploits 0 | References 6
OSV
added 2014/10/03 1:55 a.m. | 5 views

CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

AI score 5.1
Exploits 0 | References 7
OSV
added 2014/08/22 1:55 a.m. | 7 views

CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to...

AI score 5.2
Exploits 0 | References 13
OSV
added 2014/08/21 9:36 a.m. | 6 views

MGASA-2014-0344 Updated phpmyadmin package fixes XSS vulnerabilities

Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages (CVE-2014-5273). In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigg...

CVSS 3.5 | AI score 5.8 | EPSS 0.01706
Exploits 2 | References 4