CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2022/05/17 2:37 a.m.•15 views

phpMyAdmin allows to detect if user is logged in

4.3CVSS7.1AI score0.00275EPSS

Github Security Blog•added 2022/05/17 2:37 a.m.•36 views

phpMyAdmin Authentication Bypass

An issue was discovered in phpMyAdmin involving the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x...

10CVSS6.7AI score0.00977EPSS

Github Security Blog•added 2022/05/17 2:37 a.m.•19 views

phpMyAdmin Reflected File Download attack

An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

6.8CVSS6.9AI score0.00258EPSS

Exploits0References6Affected Software1

OSV•added 2022/05/17 2:37 a.m.•20 views

GHSA-PHHM-63XX-V9RR phpMyAdmin Reflected File Download attack

6.3CVSS7.3AI score0.00258EPSS

Exploits0References6

OSV•added 2022/05/17 2:37 a.m.•20 views

GHSA-567R-VQJ7-5CW7 phpMyAdmin Authentication Bypass

9.8CVSS7.5AI score0.00977EPSS

Github Security Blog•added 2022/05/17 2:37 a.m.•27 views

phpMyAdmin Denial of service (DOS) attack with dbase extension

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

5.9CVSS7AI score0.00574EPSS

Exploits0References6Affected Software1

OSV•added 2022/05/17 2:37 a.m.•20 views

GHSA-426Q-975P-W5CR phpMyAdmin Denial of service (DOS) attack with dbase extension

5.9CVSS7.2AI score0.00574EPSS

Exploits0References6

OSV•added 2022/05/17 2:37 a.m.•13 views

GHSA-P849-VF5F-F3X7 phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are...

8.1CVSS8.1AI score0.01833EPSS

Github Security Blog•added 2022/05/17 2:37 a.m.•20 views

phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension

8.1CVSS8.1AI score0.01833EPSS

OSV•added 2022/05/17 2:36 a.m.•10 views

GHSA-9XHQ-PM7V-693P phpMyAdmin Cryptographic Vulnerability

An issue was discovered in phpMyAdmin. When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...

5.3CVSS5.3AI score0.0043EPSS

Github Security Blog•added 2022/05/17 2:36 a.m.•26 views

phpMyAdmin Cryptographic Vulnerability

5.3CVSS6.7AI score0.0043EPSS

Github Security Blog•added 2022/05/17 2:36 a.m.•26 views

phpMyAdmin Bypass logout timeout

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

5.3CVSS7AI score0.00241EPSS

OSV•added 2022/05/17 2:36 a.m.•20 views

GHSA-HMMX-WXH4-9W8W phpMyAdmin XSS Vulnerability

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

6.1CVSS6AI score0.00258EPSS

OSV•added 2022/05/17 2:36 a.m.•16 views

GHSA-RMMF-5XHH-GG27 phpMyAdmin path disclosure

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

5.3CVSS5.4AI score0.00589EPSS

Github Security Blog•added 2022/05/17 2:36 a.m.•16 views

phpMyAdmin XSS Vulnerability

6.1CVSS6.2AI score0.00258EPSS

OSV•added 2022/05/17 2:36 a.m.•18 views

GHSA-R2VW-P77F-VC27 phpMyAdmin Bypass logout timeout

5.3CVSS5.2AI score0.00241EPSS

Github Security Blog•added 2022/05/17 2:36 a.m.•30 views

phpMyAdmin path disclosure

5.3CVSS7AI score0.00589EPSS

OSV•added 2022/05/17 2:36 a.m.•20 views

GHSA-J8MX-X32R-5RF4 phpMyAdmin XSS Vulnerability

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are...

6.1CVSS5.7AI score0.00258EPSS

OSV•added 2022/05/17 2:36 a.m.•20 views

GHSA-3HW5-FFFC-QRG4 phpMyAdmin Denial of Service (DoS)

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

5.9CVSS6.1AI score0.00707EPSS