Cross-site request forgery (CSRF)
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password for the OS...
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title : CWP Control Web Panel phpMyAdmin password access Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only...
PT-2019-14030 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.864 Description: The issue allows an attacker to obtain a victim's session file name from /home/USERNAME/tmp/session/sess_xxxxxx and the victim's token value from /usr/local/cwpsrv/logs/access_log. With this...
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure
Exploit Title : CWP Control Web Panel phpMyAdmin password access Date : 20 Aug 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for latest version Versi...
Unspecified vulnerability in phpMyAdmin (CNVD-2019-44959)
phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in versions of phpMyAdmin...
Debian DLA-2024-1 : phpmyadmin security update
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/display_git_revision.lib.php and libraries/Footer.class.php. For Debian 8 'Jessie', this issue has been fixed in phpmyadmin version 4:4.2.12-2+deb8u7. This upload was prepared by Utkarsh Gupta. We recommend that yo...
Debian: Security Advisory (DLA-2024-1)
The remote host is missing an update for the Debian...
FreeBSD : phpmyadmin -- multiple vulnerabilities (ca3fe5b3-185e-11ea-9673-4c72b94353b5)
The phpMyAdmin team reports: This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated PMASA-2019-5. There is also an improvement for how we sanitize git version information shown on the home page...
[SECURITY] [DLA 2024-1] phpmyadmin security update
Package : phpmyadmin Version : 4:4.2.12-2+deb8u7 CVE ID : CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/display_git_revision.lib.php and libraries/Footer.class.php. For Debian 8 "Jessie", this issue has been fixed in phpmyadmin version...
DLA-2024-1 phpmyadmin - security update
Bulletin has no description...
MGASA-2019-0357 Updated phpmyadmin packages fix security vulnerability
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature (CVE-2019-18622)...
Updated phpmyadmin packages fix security vulnerability
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature (CVE-2019-18622)...
Cross-Site Scripting (XSS)
phpmyadmin/phpmyadmin is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript on a victim's browser via the Git information such as commit hash and repository branch information...
DEBIAN-CVE-2019-19617
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php...
CVE-2019-19617
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php...
Design/Logic Flaw
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php...
UBUNTU-CVE-2019-19617
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php...