6026 matches found
CVE-2017-18264
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...
CVE-2017-18264
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...
CVE-2017-18264
The CVE-2017-18264 issue affects phpMyAdmin: libraries/common.inc.php bypasses the AllowNoPassword restriction on certain PHP versions, allowing login of users with no password even when disabled. Affected versions include 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. Root cause cite...
CVE-2017-18264
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...
[SECURITY] Fedora 28 Update: phpMyAdmin-4.8.0.1-1.fc28
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Cross-site Scripting (XSS)
phpmyadmin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the Central Columns feature...
openSUSE Security Update : phpMyAdmin (openSUSE-2018-387)
This update for phpMyAdmin to version 4.8.0.1 fixes the following issues: - CVE-2018-10188: Possible execution of arbitrary SQL statements via manipulated URLs (boo#1090309) This version also contains a number of upstream changes, improvements, new functions and bug fixes...
OPENSUSE-SU-2018:1059-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.8.0.1 fixes the following issues: - CVE-2018-10188: Possible execution of arbitrary SQL statements via manipulated URLs (boo#1090309) This version also contains a number of upstream changes, improvements, new functions and bug fixes...
OPENSUSE-SU-2018:1058-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.8.0.1 fixes the following issues: - CVE-2018-10188: Possible execution of arbitrary SQL statements via manipulated URLs (boo#1090309) This version also contains a number of upstream changes, improvements, new functions and bug fixes...
phpMyAdmin Cross Site Request Forgery
Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...
phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...
phpMyAdmin 4.8.0 / 4.8.0-1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188 0day.today 2018-04-23...
Cross-Site Request Forgery (CSRF)
phpmyadmin/phpmyadmin is vulnerable to a cross-site request forgery (CSRF) attack. The library does not prevent execution of arbitrary SQL statements, allowing a malicious user to conduct a cross-site request forgery attack...
FreeBSD : phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution (ac7da39b-4405-11e8-afbe-6805ca0b3d42)
The phpMyAdmin development team reports: Summary: CSRF vulnerability allowing arbitrary SQL execution. Description: By deceiving a user to click on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands. Severity: We consider this vulnerability to be critical...
CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
Cross site request forgery (csrf)
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
DEBIAN-CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...