CVE-2018-19968

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

CVE-2018-19969

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users,...

CVE-2018-19968

CVE-2018-19968 affects phpMyAdmin prior to 4.8.4. An attacker can leak the contents of a local file due to an error in the transformation feature. Exploitation requires access to the phpMyAdmin Configuration Storage tables (which can be created by the attacker in any database they can access) and...

CVE-2018-19970

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...

CVE-2018-19970

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...

CVE-2018-19969

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users,...

CVE-2018-19970

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...

CVE-2018-19969

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users,...

CVE-2018-19969

The CVE-2018-19969 entry concerns phpMyAdmin 4.7.x and 4.8.x prior to 4.8.4, which is affected by CSRF flaws. By luring a user to a crafted URL, an attacker can trigger harmful SQL operations (renaming databases, creating tables/routines, deleting pages, adding/removing users, updating passwords,...

phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!

Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The...

phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!

Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The...

phpMyAdmin -- multiple vulnerabilities

The phpMyAdmin development team reports: Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables,...

phpMyAdmin 4.7.x <= 4.7.6 / 4.8.x < 4.8.4 Multiple XSRF/CSRF Vulnerabilities (PMASA-2018-7)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.7.x prior or equal to 4.7.6 or 4.8.x prior to 4.8.4. It is, therefore, affected by multiple cross-site request forgery XSRF vulnerabilities. A remote attacker can exploit this by trickin...

WordPress HighStand 4.6.1 Database Disclosure

Exploit Title : WordPress HighStand Themes 4.6.1 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : wordpress.org Software Download Link :...

WordPress TimeTable Responsive Schedule 5.4 Database Disclosure

Exploit Title : WordPress TimeTable Responsive Schedule Plugins 5.4 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : wordpress.org codecanyon.net Software Download Link :...

XSRF/CSRF vulnerability in phpMyAdmin

PMASA-2018-7 Announcement-ID: PMASA-2018-7 Date: 2018-12-07 Summary XSRF/CSRF vulnerability in phpMyAdmin Description By deceiving a user to click on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages,...

XSS vulnerability in navigation tree

PMASA-2018-8 Announcement-ID: PMASA-2018-8 Date: 2018-12-07 Summary XSS vulnerability in navigation tree Description A Cross-Site Scripting vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a specially-crafted database/table name. Severity W...

Local file inclusion through transformation feature

PMASA-2018-6 Announcement-ID: PMASA-2018-6 Date: 2018-12-07 Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration...

WordPress HpHospital 1.0 Database Disclosure

Exploit Title : WordPress HpHospital Plugins 1.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium Version Information : 1.0...

phpMyAdmin 4.8.1 Authenticated Local File Inclusion

Exploit Title: phpMyAdmin 4.8.1 - Authenticated Local File Inclusion Date: 27-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.phpmyadmin.net/ Software Link:...