6016 matches found
CVE-2024-56112
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php...
ABB Cylon Aspect 3.07.01 Hard-Coded Credentials
ABB Cylon Aspect 3.07.01 config.inc.php Hard-coded Credentials in phpMyAdmin Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller is operating with default and hard-coded...
SUSE CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP...
ROS-20240902-19
A vulnerability exists in the phpMyAdmin database administration web application due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
Telpho10 Backup Credentials Dumper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telpho10 Backup Credentials Dumper', 'Description' = %q This module exploits a vulnerability present in all versions of Telpho10 telephone system...
OPENSUSE-SU-2024:12689-1 phpMyAdmin-5.2.1-2.1 on GA media
These are all security issues fixed in the phpMyAdmin-5.2.1-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12191-1 phpMyAdmin-5.2.0-2.1 on GA media
These are all security issues fixed in the phpMyAdmin-5.2.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11171-1 phpMyAdmin-5.1.1-1.2 on GA media
These are all security issues fixed in the phpMyAdmin-5.1.1-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10054-1 phpMyAdmin-4.6.5.2-1.1 on GA media
These are all security issues fixed in the phpMyAdmin-4.6.5.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11765-1 phpMyAdmin-5.1.2-1.1 on GA media
These are all security issues fixed in the phpMyAdmin-5.1.2-1.1 package on the GA media of openSUSE Tumbleweed...
VulnCheck KEV: CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
BIT-PHPMYADMIN-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...
BIT-PHPMYADMIN-2020-10803
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results in tbl_get_field.php and libraries/classes/Display/Results.php. The attacker must be able to insert...
BIT-PHPMYADMIN-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. A malicious user with access to the server could create a crafted username, and then...
BIT-PHPMYADMIN-2020-11441
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable...
BIT-PHPMYADMIN-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
BIT-PHPMYADMIN-2020-22452
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php...
BIT-PHPMYADMIN-2020-26934
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link...
BIT-PHPMYADMIN-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...