VulnCheck KEV: CVE-2018-12613
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...
phpmyadmin.cumulos.co Improper Access Control vulnerability OBB-3044387
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-2407
The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-2407
CVE-2022-2407 affects the WP phpMyAdmin WordPress plugin prior to version 5.2.0.4. The issue is that certain settings are not escaped, which could allow high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting when the unfiltered_html capability is disallowed (as in multisit...
PT-2022-16449 · WordPress · Wp Phpmyadmin
Name of the Vulnerable Software and Affected Versions: WP phpMyAdmin WordPress plugin versions prior to 5.2.0.4. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a...
WordPress Plugin WP phpMyAdmin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
phpmyadmin.centralinfo.com.au Cross Site Scripting vulnerability OBB-2825714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the following payload in the "phpMyAdmin on hosting" setting...
WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in the "phpMyAdmin on hosting" settings...
WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin (versions <= 5.2.0.3). Solution: Update the WordPress WP phpMyAdmin plugin to the latest available version (at least 5.2.0.4)...
phpMyAdmin 5.0.x < 5.0.3 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting (XSS) attack if a user clicks o...
phpMyAdmin < 4.8.6 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly handle malicious database names in the Designer feature leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
phpMyAdmin 4.x < 4.9.0 Cross-Site Request Forgery
The version of phpMyAdmin is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the login form, potentially allowing an attacker to perform SQL injection. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
phpMyAdmin 5.0.x < 5.0.2 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...
phpMyAdmin 4.x < 4.8.3 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host does not correctly handle malicious filenames, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...
phpMyAdmin 4.7.x < 4.8.4 Cross-Site Request Forgery
The version of phpMyAdmin installed on the remote host is affected by a Cross-Site Request Forgery (XSRF/CSRF) vulnerability leading to injection of harmful SQL queries. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...
phpMyAdmin 4.x < 4.8.5 Arbitrary File Read
The version of phpMyAdmin installed on the remote host does not correctly block access to the LOAD DATA INFILE function, leading to an attacker being able to read any file on the filesystem accessible with the web server permissions. Note that the scanner has not tested for these issues but has instea...
phpMyAdmin 4.8.x < 4.8.2 Remote Code Execution
The version of phpMyAdmin installed on the remote host does not correctly handle page redirections and has an improper test for allowed pages, leading to execution of arbitrary code and/or viewing of sensitive files. Note that the scanner has not tested for these issues but has instead relied only on the...
phpMyAdmin 4.x < 4.8.2 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...
phpMyAdmin 4.x < 4.8.4 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host does not correctly sanitize database/table names, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...