344 matches found
Mageia: Security Advisory (MGASA-2016-0416)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-23808
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...
phpMyAdmin Information Disclosure Vulnerability (CNVD-2021-13220)
phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in phpMyAdmin...
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.9.4, or 5.x prior to 5.0.1. It is, therefore, affected by a SQL injection SQLi vulnerability in the user accounts page. An authenticated, remote attacker can exploit this, b...
DEBIAN-CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...
Cross site request forgery (csrf)
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...
CVE-2019-12616
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...
UBUNTU-CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...
The vulnerability of the web application for managing phpMyAdmin databases lies in the authentication procedures’ deficiencies, which allow attackers to view and execute files on the server.
The vulnerability in the web application for managing phpMyAdmin databases is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely access and manipulate files on the server...
Information Disclosure
phpmyadmin is vulnerable to information disclosure. An attacker with access to the login system and configuration storage tables is able to retrieve local files due to an error in the transformation feature...
Code injection
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...
Exploit for Improper Authentication in Phpmyadmin
CVE-2018-12613 Local file inclusion bug due to filter bypass u...
PT-2018-1938 · Phpmyadmin +2 · Phpmyadmin +2
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.8.0 through 4.8.1 Description: An issue was discovered in phpMyAdmin where an attacker can include and potentially execute files on the server due to improper testing for whitelisted pages during page redirection and...
CVE-2017-1000013
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness...
CVE-2017-1000014
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...
CVE-2017-1000014
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality...
CVE-2017-1000017
CVE-2017-1000017 affects phpMyAdmin 4.0, 4.4 and 4.6. A user with appropriate permissions can connect to an arbitrary MySQL server, indicating a serious exposure for affected deployments. The entry includes CVSS details (v3: 8.8, HIGH) from NVD, with network attack vector and no user interaction ...
phpMyAdmin -- bypass 'no password' restriction
The phpMyAdmin team reports: Summary Bypass $cfg'Servers'$i'AllowNoPassword' Description A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can allow the login of users who have no password set eve...
phpMyAdmin Path Traversal Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A path traversal vulnerability exists in phpMyAdmin,...