4626 matches found
SUSE CVE-2022-23807
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...
Updated phpmyadmin packages fix security vulnerability
Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...
PT-2023-36335 · Unknown · Phpmyadmin
Name of the Vulnerable Software and Affected Versions: phpMyAdmin affected versions not specified Description: The issue concerns a security fix for an XSS vulnerability in the drag-and-drop upload functionality. Additional bugfixes include resolving errors when configuring 2FA without XMLWriter ...
GHSA-6HR3-44GX-G6WH Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting XSS by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg'enabledragdropimport', users will be unable to use the drag and drop...
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting XSS by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg'enabledragdropimport', users will be unable to use the drag and drop...
CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
Information disclosure
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
CVE-2023-25727
CVE-2023-25727 is an authenticated-user XSS in phpMyAdmin triggered by uploading a crafted .sql file via drag-and-drop. Public details in the connected sources identify affected versions as: phpMyAdmin before 4.9.11 and 5.x before 5.2.1. Debian LTS advisory DLA-4121-1 notes that Debian Bullseye p...
CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
phpMyAdmin 跨站脚本漏洞
phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin versions prior...
phpMyAdmin 4.3.x < 4.9.11, 5.2.x < 5.2.1 XSS Vulnerability - Windows
phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
phpMyAdmin 4.3.x < 4.9.11, 5.2.x < 5.2.1 XSS Vulnerability - Linux
phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
phpMyAdmin SQL Injection Vulnerability (CNVD-2023-09611)
phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin, which stems...
XSS vulnerability in drag-and-drop upload
PMASA-2023-1 Announcement-ID: PMASA-2023-1 Date: 2023-02-07 Summary XSS vulnerability in drag-and-drop upload Description An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface...
phpMyAdmin -- XSS vulnerability in drag-and-drop upload
phpMyAdmin Team reports: PMASA-2023-1 XSS vulnerability in drag-and-drop upload...
SQL Injection
phpmyadmin/phpmyadmin is vulnerable to SQL Injection. The vulnerability exists due to the getTableCreationQuery function in DCreateAddField.php, which allows an attacker to inject and execute malicious SQL queries on the system via the tblstorageengine or tblcollation parameters through...
phpMyAdmin 5.x < 5.0.2 SQLi Vulnerability - Windows
phpMyAdmin is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin...