phpMyAdmin 4.9.x < 4.9.8 Two Factor Authentication Bypass
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.8 or 5.1.x prior to 5.1.2. It is, therefore, affected by a flaw which may permit a user to bypass two factor authentication for their account. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 4.7.7 < 4.9.2 SQL Injection
The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to exposure to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...
phpMyAdmin 4.7.x < 4.7.8 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host does not sanitize user input used for the dbcentralcolumns parameter, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
phpMyAdmin 4.8.x < 4.8.0-1 Cross-Site Request Forgery
The version of phpMyAdmin installed on the remote host permits an attacker to deceive a user into clicking on a crafted URL link, which may permit the attacker to execute arbitrary SQL commands. Note that the scanner has not tested for these issues but has instead relied only on the application's...
phpMyAdmin 4.x < 4.8.4 Local File Inclusion
The version of phpMyAdmin installed on the remote host has a flaw in the transformation feature which may permit an authenticated attacker to leak contents of local files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
phpMyAdmin 4.9.x < 4.9.5 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...
phpMyAdmin 5.0.x < 5.0.1 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly deal with malicious SQL injected in place of a valid username when creating queries on the user accounts page, leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 4.5.x < 4.8.5 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly handle malicious usernames leading to a SQL injection attack through the designer feature. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number...
phpMyAdmin 5.1.x < 5.1.2 Two Factor Authentication Bypass
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.8 or 5.1.x prior to 5.1.2. It is, therefore, affected by a flaw which may permit a user to bypass two factor authentication for their account. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 4.9.x < 4.9.6 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting (XSS) vulnerability if a user clicks o...
phpMyAdmin 4.8.x < 4.9.4 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly deal with malicious SQL injected in place of a valid username when creating queries on the user accounts page, leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 5.1.x < 5.1.2 Cross-Site Scripting
The version of phpMyAdmin installed on the remote host has a series of weaknesses in the setup script, which can be abused to perform Cross-Site Scripting (XSS) or HTML injection. Note that the scanner has not tested for these issues but has instead relied only on the...
Malicious code in phpmyadmin (npm)
Source: ghsa-malware (1554572f62f66f781c39beac2b19170401216f0d4d9a828358a89793b7fdcc46). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5327 Malicious code in phpmyadmin (npm)
Source: ghsa-malware (1554572f62f66f781c39beac2b19170401216f0d4d9a828358a89793b7fdcc46). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
phpMyAdmin Cross-Site Request Forgery (CSRF)
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...
GHSA-4C9Q-64GQ-XHX4 phpMyAdmin Cross-Site Request Forgery (CSRF)
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...
GHSA-6349-53VR-7HCR phpMyAdmin Cross-site Scripting (XSS)
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link...
phpMyAdmin Cross-site Scripting (XSS)
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link...
phpMyAdmin SQL injection vulnerability
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...
GHSA-7FF4-CV53-4CJQ phpMyAdmin SQL injection vulnerability
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...