GHSA-P632-5W74-X8XX phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

GHSA-GCVP-CWGW-WX8J phpMyAdmin XSS Vulnerability

Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

phpMyAdmin XSS Vulnerability

Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

GHSA-3Q28-XFW3-2Q35 phpMyAdmin XSS Vulnerability

Multiple cross-site scripting XSS vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

GHSA-RV57-479X-X4QV phpMyAdmin Code Injection vulnerability

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

phpMyAdmin XSS Vulnerability

Multiple cross-site scripting XSS vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

phpMyAdmin cookie-attribute injection

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

phpMyAdmin Code Injection vulnerability

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

GHSA-XQW9-FFX7-G998 phpMyAdmin cookie-attribute injection

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

phpMyAdmin Cross-site Scripting (XSS)

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...

GHSA-JFMJ-27FP-QP67 phpMyAdmin Cross-site Scripting (XSS)

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...

phpMyAdmin Local file exposure

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

GHSA-FCGM-62P3-F7CM phpMyAdmin Local file exposure

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

GHSA-MHXJ-6VF8-MWV3 phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

phpMyAdmin Local file exposure through symlinks with UploadDir

An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...

GHSA-6J2V-G9RG-QCM5 phpMyAdmin Local file exposure through symlinks with UploadDir

An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...

GHSA-2MCJ-3R3R-V5WM phpMyAdmin DoS Vulnerability

An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service DoS attack on a server by passing large values to a loop. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

phpMyAdmin DoS Vulnerability

An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service DoS attack on a server by passing large values to a loop. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...