SQL injection
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...
CVE-2019-18622
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...
CVE-2019-18622
phpMyAdmin before 4.9.2 is affected by CVE-2019-18622: a crafted database/table name can trigger SQL injection through the Designer feature. Public data in connected sources shows the vulnerability and indicates a security fix in phpMyAdmin 4.9.2 (PMASA-2019-5) with multiple advisories (openSUSE,...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin team reports: This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated PMASA-2019-5. There is also an improvement for how we sanitize git version information shown on the home page...
phpMyAdmin CVE-2019-19617 Multiple Information Disclosure Vulnerabilities
Description: phpMyAdmin is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. Versions prior to phpMyAdmin 4.9.2 are vulnerable. Technologies Affected: phpMyAdmin phpMyAdmin 4.7.7...
phpMyAdmin Navigation-Tree Stored Cross-Site Scripting (CVE-2018-19970)
A stored cross-site scripting vulnerability exists in phpMyAdmin. The vulnerability is due to insufficient input validation in the web-based management interface. Successful exploitation could result in execution of arbitrary script on the affected system...
The vulnerability in the web application for managing phpMyAdmin databases, related to the manipulation of cross-site requests, allows a hacker to delete any server on the installation page.
The vulnerability in the phpMyAdmin web application, which allows for the administration of database management systems, is related to the manipulation of cross-site requests. Exploiting this vulnerability could enable a malicious actor to delete any server listed on the installation page from a...
SQL injection in Designer feature
PMASA-2019-5. Announcement-ID: PMASA-2019-5. Date: 2019-10-28. Summary: SQL injection in Designer feature. Description: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. This is similar to PMASA-2019-2 and...
phpMyAdmin CVE-2019-18622 SQL Injection Vulnerability
Description: phpMyAdmin is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
phpMyAdmin <= 4.9.1 Cross-Site Request Forgery Vulnerability
A cross-site request forgery (XSRF) vulnerability exists in the Setup page of phpMyAdmin. A remote attacker can exploit this by tricking a user into visiting a specially crafted web page, allowing the attacker to delete any server in the setup page by creating a fake hyperlink containing the...
Fedora 31 : phpMyAdmin (2019-644b438f51)
Upstream announcement: Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-scheduled bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
CVE-2015-7873
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter...
CVE-2009-3696
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table...
CVE-2009-3697
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters...
CVE-2009-2284
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark...
CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
CVE-2009-1150
Multiple cross-site scripting (XSS) vulnerabilities in the export page (displayexport.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...