phpMyAdmin 4.4.0 < 4.4.15.1 / 4.5.0 < 4.5.1 Content Spoofing (PMASA-2015-5)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.4.x prior to 4.4.15.1 or 4.5.x prior to 4.5.1. It is, therefore, affected by a content spoofing vulnerability. - The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x...

phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple Vulnerabilities

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.15, 4.4.x prior to 4.4.15.5, or 4.5.x prior to 4.5.5.1. It is, therefore, affected by multiple vulnerabilities. - Cross-site scripting XSS vulnerability in the format functi...

phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...

Arbitrary Code Execution

phpMyAdmin is vulnerable to arbitrary code execution. The application does not escape certain Git information in libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php, allowing an attacker to execute arbitrary code in the context of the server...

phpMyAdmin 4.0.0 < 4.0.10.17 / 4.4.0 < 4.4.15.8 / 4.6.0 < 4.6.4 Multiple Vulnerabilities

"According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in cookie encryption in phpMyAdmin...

Vulnerabilities fixed in PHPMyAdmin

Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities allow an unauthenticated malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS SQL Injection Access to...

phpMyAdmin 4.7.x < 4.7.7 XSRF (PMASA-2017-9)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.7.x prior to 4.7.7. It is, therefore, affected by a cross-site request forgery XSRF vulnerability. An unauthenticated, remote attacker can exploit this, by deceiving a user to click on a crafte...

phpMyAdmin 4.3.x < 4.7.8 XSS (PMASA-2018-1)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.7.x prior to 4.7.8. Versions since 4.3 are also affected, but they are no longer supported. It is, therefore, affected by a cross-site scripting XSS vulnerability in dbcentralcolumns.php. A...

Ubuntu: Security Advisory (USN-4639-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4639-1: phpMyAdmin vulnerabilities

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...

USN-4639-1 phpmyadmin vulnerabilities

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...

Ubuntu 18.04 LTS : phpMyAdmin vulnerabilities (USN-4639-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4639-1 advisory. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use thi...

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Multiple vulnerabilities have been found in the phpMyAdmin component...

phpMyAdmin <= 5.1.1 CSV Injection Vulnerability - Windows

phpMyAdmin is prone to a CSV injection vulnerability via Export Section. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

phpMyAdmin < 4.9.6, 5.x < 5.0.3 Multiple Vulnerabilities (PMASA-2020-5, PMASA-2020-6) - Linux

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; if...

phpMyAdmin <= 5.1.1 CSV Injection Vulnerability - Linux

phpMyAdmin is prone to a CSV injection vulnerability via Export Section. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

openSUSE Security Update : phpMyAdmin (openSUSE-2020-1806)

This update for phpMyAdmin fixes the following issues : phpMyAdmin was updated to 4.9.7 boo1177842 : - Fix two factor authentication that was broken in 4.9.6 - Fix incompatibilities with older PHP versions Update to 4.9.6 : - Fixed XSS relating to the transformation feature boo1177561...

phpMyAdmin < 4.9.6, 5.x < 5.0.3 Multiple Vulnerabilities (PMASA-2020-5, PMASA-2020-6) - Windows

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; if...

phpMyAdmin CSV Injection Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A CSV injection vulnerability exists in phpMyAdmin 5.0.2 and...

CVE-2020-22278

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...