
6026 matches found

AlpineLinux
added 2018/06/21 8:0 p.m. · 39 views

CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...

8.8 CVSS · 8.9 AI score · 0.94262 EPSS
Exploits: 20
exploitpack
added 2018/06/21 12:0 a.m. · 23 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)

phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 1. The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find 55~63 lines. Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as lon...

0.4 AI score
Exploits: 0
Exploit DB
added 2018/06/21 12:0 a.m. · 30 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)

The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find 55~63 lines. Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as long as we bypass the 55 to 59 restrictions on the line Lin...

7 AI score
Exploits: 0
ATTACKERKB
added 2018/06/21 12:0 a.m. · 722 views

CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...

8.8 CVSS · 8.8 AI score · 0.94262 EPSS
In wild · Exploits: 20 · References: 13
phpMyAdmin
added 2018/06/19 12:0 a.m. · 63 views

File inclusion and remote code execution attack

PMASA-2018-4 Announcement-ID: PMASA-2018-4 Date: 2018-06-19 Updated: 2018-06-21 Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of...

8.8 CVSS · 7.9 AI score · 0.94262 EPSS
Exploits: 20 · Affected Software: 1
Check Point Advisories
added 2018/06/19 12:0 a.m. · 45 views

Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)

A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused due to incorrect choosing of delimiters to prevent use of the preg_replace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...

7.5 CVSS · 5.9 AI score · 0.87019 EPSS
Exploits: 8
phpMyAdmin
added 2018/06/19 12:0 a.m. · 37 views

XSS in Designer feature

PMASA-2018-3 Announcement-ID: PMASA-2018-3 Date: 2018-06-19 Updated: 2018-06-21 Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Severity...

6.1 CVSS · 6.5 AI score · 0.00393 EPSS
Exploits: 0 · Affected Software: 1
0day.today
added 2018/06/19 12:0 a.m. · 5123 views

phpMyAdmin 4.x Remote Code Execution Exploit

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

7.5 CVSS · 1.1 AI score · 0.87019 EPSS
Exploits: 8
Positive Technologies
added 2018/06/19 12:0 a.m. · 3 views

PT-2018-1938 · Phpmyadmin +2

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.8.0 through 4.8.1 Description: An issue was discovered in phpMyAdmin where an attacker can include and potentially execute files on the server due to improper testing for whitelisted pages during page redirection and...

9.8 CVSS · 8.1 AI score · 0.94262 EPSS
Exploits: 49 · References: 68
Metasploit
added 2018/06/18 12:33 p.m. · 338 views

phpMyAdmin Authenticated Remote Code Execution

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8 CVSS · 7.8 AI score · 0.87019 EPSS
Exploits: 8
Veracode
added 2018/05/31 4:40 a.m. · 15 views

Cross-site Request Forgery (CSRF)

phpmyadmin/phpmyadmin is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists because sensitive actions that allow modification of table records were possible through GET requests, allowing CSRF attacks to be executed...

8.8 CVSS · 8.5 AI score · 0.11439 EPSS
Exploits: 5 · References: 6 · Affected Software: 1
CNVD
added 2018/05/11 12:0 a.m. · 2 views

phpMyAdmin Cross-Site Request Forgery Vulnerability (CNVD-2018-09386)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site request forgery vulnerability exists in...

8.8 CVSS · 7.8 AI score · 0.0065 EPSS
Exploits: 5 · References: 1
CNVD
added 2018/05/03 12:0 a.m. · 5 views

phpMyAdmin security bypass vulnerability (CNVD-2018-10169)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in the...

9.8 CVSS · 7.3 AI score · 0.00305 EPSS
Exploits: 0 · References: 1
OpenVAS
added 2018/05/03 12:0 a.m. · 607 views

phpMyAdmin Security Bypass Vulnerability-PMASA-2017-8

phpMyAdmin is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin"; i...

9.8 CVSS · 9.3 AI score · 0.00305 EPSS
Exploits: 0 · References: 1
OpenVAS
added 2018/05/02 12:0 a.m. · 29 views

phpMyAdmin Cross-Site Request Forgery Vulnerability-PMASA-2018-2

phpMyAdmin is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS · 8.7 AI score · 0.0065 EPSS
Exploits: 5 · References: 3
Prion
added 2018/05/01 5:29 p.m. · 22 views

Design/Logic Flaw

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

7.5 CVSS · 9.4 AI score · 0.00305 EPSS
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2018/05/01 5:29 p.m. · 28 views

CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS · 9.7 AI score
Exploits: 0 · References: 3
OSV
added 2018/05/01 5:29 p.m. · 0 views

UBUNTU-CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS · 7.3 AI score · 0.00305 EPSS
Exploits: 0 · References: 6
NVD
added 2018/05/01 5:29 p.m. · 28 views

CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS · 9.5 AI score · 0.00305 EPSS
Exploits: 0 · References: 3
OSV
added 2018/05/01 5:29 p.m. · 1 views

DEBIAN-CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

9.8 CVSS · 9.6 AI score · 0.00305 EPSS
Exploits: 0 · References: 1