Lucene search
K

344 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2016-0416)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.7AI score0.02542EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2022/01/22 12:0 a.m.10 views

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

6.2AI score0.07936EPSS
Exploits2References3
CNVD
CNVD
added 2021/02/24 12:0 a.m.5 views

phpMyAdmin Information Disclosure Vulnerability (CNVD-2021-13220)

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in phpMyAdmin...

7.5CVSS6.8AI score0.017EPSS
Exploits1References1
OSV
OSV
added 2020/11/04 5:15 p.m.7 views

CVE-2020-22278

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...

8.8CVSS8.8AI score0.01507EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/07/17 12:0 a.m.221 views

phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.9.4, or 5.x prior to 5.0.1. It is, therefore, affected by a SQL injection SQLi vulnerability in the user accounts page. An authenticated, remote attacker can exploit this, b...

8.8CVSS8.4AI score0.38778EPSS
Exploits4References2
OSV
OSV
added 2020/03/22 5:15 a.m.3 views

DEBIAN-CVE-2020-10802

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...

8CVSS8.4AI score0.02115EPSS
Exploits0References1
Prion
Prion
added 2019/06/05 5:29 a.m.22 views

Cross site request forgery (csrf)

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...

4.3CVSS6.3AI score0.19184EPSS
Exploits4References9Affected Software1
NVD
NVD
added 2019/06/05 5:29 a.m.25 views

CVE-2019-12616

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...

6.5CVSS6.6AI score0.19184EPSS
Exploits4References9
OSV
OSV
added 2019/06/05 5:29 a.m.4 views

UBUNTU-CVE-2019-11768

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...

9.8CVSS7.3AI score0.04196EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2018/12/20 12:0 a.m.6 views

The vulnerability of the web application for managing phpMyAdmin databases lies in the authentication procedures’ deficiencies, which allow attackers to view and execute files on the server.

The vulnerability in the web application for managing phpMyAdmin databases is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely access and manipulate files on the server...

9CVSS7AI score0.98391EPSS
Exploits20References11Affected Software1
Veracode
Veracode
added 2018/12/12 9:37 a.m.28 views

Information Disclosure

phpmyadmin is vulnerable to information disclosure. An attacker with access to the login system and configuration storage tables is able to retrieve local files due to an error in the transformation feature...

6.5CVSS6AI score0.03254EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2018/12/11 5:29 p.m.31 views

Code injection

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

4CVSS6.3AI score0.03254EPSS
Exploits0References4Affected Software2
GithubExploit
GithubExploit
added 2018/11/09 2:10 p.m.11 views

Exploit for Improper Authentication in Phpmyadmin

CVE-2018-12613 Local file inclusion bug due to filter bypass u...

8.8CVSS8.4AI score0.98391EPSS
Exploits20
Positive Technologies
Positive Technologies
added 2018/06/19 12:0 a.m.5 views

PT-2018-1938 · Phpmyadmin +2 · Phpmyadmin +2

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.8.0 through 4.8.1 Description: An issue was discovered in phpMyAdmin where an attacker can include and potentially execute files on the server due to improper testing for whitelisted pages during page redirection and...

9.8CVSS8.1AI score0.98391EPSS
Exploits49References68
UbuntuCve
UbuntuCve
added 2017/07/17 1:18 p.m.27 views

CVE-2017-1000013

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness...

6.1CVSS6.7AI score0.01056EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.34 views

CVE-2017-1000014

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...

7.9AI score0.01825EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/07/13 8:0 p.m.29 views

CVE-2017-1000014

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...

7.5CVSS7.5AI score0.01825EPSS
Exploits0
CVE
CVE
added 2017/07/13 8:0 p.m.84 views

CVE-2017-1000017

CVE-2017-1000017 affects phpMyAdmin 4.0, 4.4 and 4.6. A user with appropriate permissions can connect to an arbitrary MySQL server, indicating a serious exposure for affected deployments. The entry includes CVSS details (v3: 8.8, HIGH) from NVD, with network attack vector and no user interaction ...

8.8CVSS8.4AI score0.01334EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2017/03/28 12:0 a.m.24 views

phpMyAdmin -- bypass 'no password' restriction

The phpMyAdmin team reports: Summary Bypass $cfg'Servers'$i'AllowNoPassword' Description A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can allow the login of users who have no password set eve...

1.6AI score
Exploits0References1
CNVD
CNVD
added 2016/12/16 12:0 a.m.4 views

phpMyAdmin Path Traversal Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A path traversal vulnerability exists in phpMyAdmin,...

5.3CVSS7.2AI score0.02497EPSS
Exploits0References1
Rows per page
Query Builder