6017 matches found

Github Security Blog
added 2022/05/17 4:58 a.m., 26 views

phpMyAdmin Remote Code Execution

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVSS: 4.6, AI score: 7.6, EPSS: 0.12333
Exploits: 7, References: 9, Affected Software: 1

OSV
added 2022/05/17 4:58 a.m., 22 views

GHSA-GG36-9346-9QX9 phpMyAdmin Remote Code Execution

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVSS: 8.5, AI score: 6.4, EPSS: 0.12333
Exploits: 7, References: 9

Github Security Blog
added 2022/05/17 4:19 a.m., 17 views

phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1)...

CVSS: 3.5, AI score: 5.6, EPSS: 0.0018
Exploits: 0, References: 6, Affected Software: 1

Github Security Blog
added 2022/05/17 4:19 a.m., 14 views

phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an...

CVSS: 3.5, AI score: 5.6, EPSS: 0.0018
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2022/05/17 4:19 a.m., 13 views

GHSA-5P69-RMX8-7GW7 phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an...

CVSS: 3.5, AI score: 5.1, EPSS: 0.0018
Exploits: 0, References: 7

OSV
added 2022/05/17 4:19 a.m., 12 views

GHSA-3P87-W3C5-27GF phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1)...

CVSS: 3.5, AI score: 5.1, EPSS: 0.0018
Exploits: 0, References: 6

OSV
added 2022/05/17 3:57 a.m., 18 views

GHSA-WV8G-FX9J-Q2JG phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5, AI score: 5.8, EPSS: 0.00339
Exploits: 0, References: 6

Github Security Blog
added 2022/05/17 3:57 a.m., 19 views

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5, AI score: 5.6, EPSS: 0.00339
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2022/05/17 3:43 a.m., 23 views

GHSA-4GMG-GWJH-3MMR phpMyAdmin Cryptographic Vulnerability

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00628
Exploits: 0, References: 14

Github Security Blog
added 2022/05/17 3:43 a.m., 27 views

phpMyAdmin Cryptographic Vulnerability

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00628
Exploits: 0, References: 14, Affected Software: 1

OSV
added 2022/05/17 3:31 a.m., 15 views

GHSA-7RF8-9R8F-QF59 phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00269
Exploits: 0, References: 6

Github Security Blog
added 2022/05/17 3:31 a.m., 22 views

phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00269
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2022/05/17 3:31 a.m., 16 views

GHSA-W8QG-J9FP-HRJF phpMyAdmin Improper Input Validation

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...

CVSS: 6.8, AI score: 5.9, EPSS: 0.0023
Exploits: 0, References: 6

Github Security Blog
added 2022/05/17 3:31 a.m., 15 views

phpMyAdmin Improper Input Validation

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...

CVSS: 6.8, AI score: 6.4, EPSS: 0.0023
Exploits: 0, References: 6, Affected Software: 1

Github Security Blog
added 2022/05/17 3:25 a.m., 4 views

phpMyAdmin allows remote attackers to spoof content via the url parameter

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter...

CVSS: 5, AI score: 6.7, EPSS: 0.00625
Exploits: 0, References: 11, Affected Software: 1

OSV
added 2022/05/17 3:25 a.m., 5 views

GHSA-5PMG-QH2C-7J24 phpMyAdmin allows remote attackers to spoof content via the url parameter

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00625
Exploits: 0, References: 11

OSV
added 2022/05/17 3:20 a.m., 19 views

GHSA-JQMR-WQGP-8MH2 phpMyAdmin cross-site scripting Vulnerability in Table or Column Names

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...

CVSS: 3.5, AI score: 5.9, EPSS: 0.00339
Exploits: 0, References: 6

Github Security Blog
added 2022/05/17 3:20 a.m., 22 views

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...

CVSS: 3.5, AI score: 5.6, EPSS: 0.00339
Exploits: 0, References: 7, Affected Software: 1

Github Security Blog
added 2022/05/17 3:18 a.m., 27 views

phpMyAdmin ReCaptcha bypass

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha...

CVSS: 5, AI score: 6.9, EPSS: 0.21219
Exploits: 2, References: 11, Affected Software: 1

OSV
added 2022/05/17 3:18 a.m., 34 views

GHSA-V6FH-VG22-R6CM phpMyAdmin ReCaptcha bypass

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha...

CVSS: 5, AI score: 6.3, EPSS: 0.21219
Exploits: 2, References: 10