
6026 matches found

Exploit DB
added 2022/01/18 12:0 a.m. | 341 views

OpenBMCS 2.4 - Information Disclosure

Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your...

7.4 AI score
Exploits: 0
phpMyAdmin
added 2022/01/10 12:0 a.m. | 52 views

Multiple XSS and HTML injection attacks in setup script

PMASA-2022-2 Announcement-ID: PMASA-2022-2 Date: 2022-01-10 Summary Multiple XSS and HTML injection attacks in setup script Description A series of weaknesses has been discovered that could allow an attacker to inject malicious code into aspects of the setup script, which can allow XSS or HTML...

6.1 CVSS | 6.7 AI score | 0.49362 EPSS
Exploits: 2 | Affected Software: 1
phpMyAdmin
added 2022/01/10 12:0 a.m. | 42 views

Two factor authentication bypass

PMASA-2022-1 Announcement-ID: PMASA-2022-1 Date: 2022-01-10 Summary Two factor authentication bypass Description There is a sequence of actions a valid user can take that will allow them to bypass two factor authentication for that account. A user must first connect to phpMyAdmin presumably using...

4.3 CVSS | 6.2 AI score | 0.00146 EPSS
Exploits: 0 | Affected Software: 1
Packet Storm
added 2021/10/25 12:0 a.m. | 397 views

phpMyAdmin 4.8.1 Remote Code Execution

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution (RCE) Date: 17/08/2021 Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested o...

8.8 CVSS | 0.94262 EPSS
Exploits: 20
0day.today
added 2021/10/25 12:0 a.m. | 1735 views

phpMyAdmin 4.8.1 - Remote Code Execution Exploit

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution (RCE) Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested on: Linux - Debian...

8.8 CVSS | 0.1 AI score | 0.94262 EPSS
Exploits: 20
Exploit DB
added 2021/10/25 12:0 a.m. | 783 views

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution (RCE) Date: 17/08/2021 Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested o...

8.8 CVSS | 8.8 AI score | 0.94262 EPSS
Exploits: 20
Nuclei
added 2021/07/16 5:57 p.m. | 89 views

phpMyAdmin <4.9.0 - Cross-Site Request Forgery

phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement. id: CVE-2019-12616 info: name: phpMyAdmin ta...

6.5 CVSS | 7.6 AI score | 0.49922 EPSS
Exploits: 4 | References: 5
BDU FSTEC
added 2021/04/06 12:0 a.m. | 2 views

The vulnerability of the SearchController class implementation in the web application for managing phpMyAdmin database management systems allows a hacker to cause a service failure.

The vulnerability of the SearchController class implementation in the web application for managing phpMyAdmin database management systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to cause service...

9.8 CVSS | 7.8 AI score | 0.89641 EPSS
Exploits: 1 | References: 11 | Affected Software: 4
BDU FSTEC
added 2021/04/06 12:0 a.m. | 1 views

The vulnerability of the transformation function for web applications used in phpMyAdmin administration systems allows attackers to execute cross-site scripting attacks.

The vulnerability of the transformation function for web applications used in phpMyAdmin administration systems is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially...

6.1 CVSS | 6.8 AI score | 0.02788 EPSS
Exploits: 0 | References: 10 | Affected Software: 4
BDU FSTEC
added 2021/04/01 12:0 a.m. | 1 views

The vulnerability of the “Export” function in the web application for phpMyAdmin’s database administration system allows a hacker to execute arbitrary code.

The vulnerability of the “Export” function in the phpMyAdmin web application for database management involves the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a specially crafted CSV file...

10 CVSS | 8.2 AI score | 0.00409 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNVD
added 2021/03/28 12:0 a.m. | 2 views

Unauthorized Access Vulnerability in phpMyAdmin

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An unauthorized access vulnerability exists in phpMyAdmin,...

7.3 AI score
Exploits: 0
Ubuntu
added 2021/03/16 2:27 p.m. | 134 views

USN-4843-1: phpMyAdmin vulnerabilities

Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM. CVE-2014-9218 Emanuel Bronshtein discovered that phpMyAdmin failed to...

9.8 CVSS | 7.5 AI score | 0.89641 EPSS
Exploits: 19
OSV
added 2021/03/16 2:27 p.m. | 1 views

USN-4843-1 phpmyadmin vulnerabilities

Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM. CVE-2014-9218 Emanuel Bronshtein discovered that phpMyAdmin failed to...

9.8 CVSS | 6.8 AI score | 0.89641 EPSS
Exploits: 19 | References: 22
Hacker One
added 2021/02/28 10:10 a.m. | 121 views

QIWI: gifts.flocktory.com/phpmyadmin is vulnerable csrf

Summary: Hello Team, I found that the PHPMyAdmin login panel is publicly accessible on https://gifts.flocktory.com and it is using the 4.6.6 version of PHPMyAdmin, which is vulnerable to several CVEs...

5.8 CVSS | 1.1 AI score | 0.49922 EPSS
Exploits: 9
CNVD
added 2021/02/24 12:0 a.m. | 4 views

phpMyAdmin Information Disclosure Vulnerability (CNVD-2021-13220)

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in phpMyAdmin...

7.5 CVSS | 6.8 AI score | 0.00316 EPSS
Exploits: 1 | References: 1
Exploit DB
added 2021/02/19 12:0 a.m. | 499 views

Beauty Parlour Management System 1.0 - 'sername' SQL Injection

Exploit Title: Beauty Parlour Management System 1.0 - 'sername' SQL Injection Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...

7.4 AI score
Exploits: 0
NVD
added 2021/02/10 6:15 p.m. | 8 views

CVE-2021-26939

An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem...

7.5 CVSS | 0.00316 EPSS
Exploits: 1 | References: 2
Prion
added 2021/02/10 6:15 p.m. | 13 views

Information disclosure

DISPUTED An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem...

5 CVSS | 7.5 AI score | 0.00316 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2021/02/10 5:55 p.m. | 36 views

CVE-2021-26939

CVE-2021-26939 affects henriquedornas 5.2.17 and is described in connected sources as an information-disclosure issue that allows an attacker to dump phpMyAdmin SQL content. The SUSE entry and PT-Security note this as a site-specific problem. PT-Security provides a mitigation suggestion: restrict...

7.5 CVSS | 7.4 AI score | 0.00316 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2021/02/10 12:0 a.m. | 2 views

Henriquedornas Information Disclosure Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in phpMyAdmin...

7.5 CVSS | 7.2 AI score | 0.00316 EPSS
Exploits: 1 | References: 2