4626 matches found

Patchstack
added 2022/08/01 12:0 a.m., 18 views

WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin versions <= 5.2.0.3. Solution: Update the WordPress WP phpMyAdmin plugin to the latest available version (at least 5.2.0.4)...

CVSS 4.8, AI score 1.2, EPSS 0.0031
Exploits 2, References 1, Affected Software 1

wpexploit
added 2022/08/01 12:0 a.m., 155 views

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in the "phpMyAdmin on hosting" settings...

CVSS 4.8, AI score 0.5, EPSS 0.0031
Exploits 2

WPVulnDB
added 2022/08/01 12:0 a.m., 26 views

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the following payload in the "phpMyAdmin on hosting" setting...

CVSS 4.8, AI score 2, EPSS 0.0031
Exploits 2, Affected Software 1

Tenable Nessus
added 2022/07/11 12:0 a.m., 24 views

phpMyAdmin 4.8.x < 4.8.2 Remote Code Execution

The version of phpMyAdmin installed on the remote host does not correctly handle page redirections and has an improper test for allowed pages, leading to execution of arbitrary code and/or viewing of sensitive files. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS 8.8, AI score 10, EPSS 0.94262
Exploits 20, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 21 views

phpMyAdmin 4.9.x < 4.9.5 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...

CVSS 8, AI score 7.3, EPSS 0.02712
Exploits 0, References 6

Tenable Nessus
added 2022/07/11 12:0 a.m., 13 views

phpMyAdmin 5.1.x < 5.1.2 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host has a series of weaknesses in the setup script, which can be abused to perform Cross-Site Scripting (XSS) or HTML injection. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS 6.1, AI score 6.5, EPSS 0.49362
Exploits 2, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 34 views

phpMyAdmin 4.x < 4.9.0 Cross-Site Request Forgery

The version of phpMyAdmin is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the login form, potentially allowing an attacker to perform SQL injection. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

CVSS 6.5, AI score 8.3, EPSS 0.49922
Exploits 4, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 19 views

phpMyAdmin 5.1.x < 5.1.2 Two Factor Authentication Bypass

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.8 or 5.1.x prior to 5.1.2. It is, therefore, affected by a flaw which may permit a user to bypass two factor authentication for their account. Note that the scanner has not tested for these issues but has instead...

CVSS 4.3, AI score 7.5, EPSS 0.00146
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 84 views

phpMyAdmin 4.x < 4.8.4 Local File Inclusion

The version of phpMyAdmin installed on the remote host has a flaw in the transformation feature which may permit an authenticated attacker to leak contents of local files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

CVSS 6.5, AI score 6.9, EPSS 0.02384
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 17 views

phpMyAdmin 4.8.x < 4.8.0-1 Cross-Site Request Forgery

The version of phpMyAdmin installed on the remote host permits an attacker to deceive a user into clicking on a crafted URL link, which may permit the attacker to execute arbitrary SQL commands. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 8.8, AI score 8.4, EPSS 0.0065
Exploits 5, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 35 views

phpMyAdmin 4.7.x < 4.8.4 Cross-Site Request Forgery

The version of phpMyAdmin installed on the remote host is affected by a Cross-Site Request Forgery (XSRF/CSRF) vulnerability leading to injection of harmful SQL queries. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...

CVSS 8.8, AI score 8.2, EPSS 0.00437
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 15 views

phpMyAdmin 4.x < 4.8.4 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not correctly sanitize database/table names, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

CVSS 6.1, AI score 6.3, EPSS 0.01296
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 11 views

phpMyAdmin 4.x < 4.8.3 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not correctly handle malicious filenames, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...

CVSS 6.1, AI score 6.4, EPSS 0.00675
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 44 views

phpMyAdmin 4.9.x < 4.9.6 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting (XSS) attack if a user clicks o...

CVSS 9.8, AI score 7.1, EPSS 0.89641
Exploits 1, References 4

Tenable Nessus
added 2022/07/11 12:0 a.m., 16 views

phpMyAdmin 4.9.x < 4.9.8 Two Factor Authentication Bypass

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.8 or 5.1.x prior to 5.1.2. It is, therefore, affected by a flaw which may permit a user to bypass two factor authentication for their account. Note that the scanner has not tested for these issues but has instead...

CVSS 4.3, AI score 7.5, EPSS 0.00146
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 12 views

phpMyAdmin 4.x < 4.8.2 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...

CVSS 6.1, AI score 6.3, EPSS 0.00393
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 225 views

phpMyAdmin 4.7.7 < 4.9.2 SQL Injection

The version of phpMyAdmin installed on the remote host does not sanitize the database name parameter inside the Designer feature, leading to exposure to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 9.8, AI score 8.3, EPSS 0.00556
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 19 views

phpMyAdmin 4.5.x < 4.8.5 SQL Injection

The version of phpMyAdmin installed on the remote host does not correctly handle malicious usernames leading to a SQL injection attack through the designer feature. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number...

CVSS 9.8, AI score 8.3, EPSS 0.00394
Exploits 0, References 2

Tenable Nessus
added 2022/07/11 12:0 a.m., 83 views

phpMyAdmin 5.0.x < 5.0.2 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...

CVSS 8, AI score 7.3, EPSS 0.02712
Exploits 0, References 6

Tenable Nessus
added 2022/07/11 12:0 a.m., 40 views

phpMyAdmin 5.0.x < 5.0.3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting (XSS) attack if a user clicks o...

CVSS 9.8, AI score 7.1, EPSS 0.89641
Exploits 1, References 4