Bypass $cfg['Servers'][$i]['AllowNoPassword']

PMASA-2017-8 Announcement-ID: PMASA-2017-8 Date: 2017-03-28 Updated: 2018-05-01 Summary Bypass $cfg'Servers'$i'AllowNoPassword' Description A vulnerability was discovered where the restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions. This can...

Remote code execution via preg_replace().

PMASA-2013-2 Announcement-ID: PMASA-2013-2 Date: 2013-04-24 Summary Remote code execution via pregreplace. Description In some PHP versions, the pregreplace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expressio...

CSRF vulnerability in login form

PMASA-2019-4 Announcement-ID: PMASA-2019-4 Date: 2019-06-04 Summary CSRF vulnerability in login form Description A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the...

SQL injection vulnerability in SearchController

PMASA-2020-6 Announcement-ID: PMASA-2020-6 Date: 2020-10-10 Summary SQL injection vulnerability in SearchController Description An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL i...

SQL injection in Designer feature

PMASA-2019-5 Announcement-ID: PMASA-2019-5 Date: 2019-10-28 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. This is similar to PMASA-2019-2 and...

SQL injection in Designer feature

PMASA-2019-3 Announcement-ID: PMASA-2019-3 Date: 2019-05-06 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. Severity We consider this vulnerabili...

SQL injection in user accounts page

PMASA-2020-1 Announcement-ID: PMASA-2020-1 Date: 2020-01-05 Summary SQL injection in user accounts page Description A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An...

BBCode injection vulnerability

PMASA-2016-17 Announcement-ID: PMASA-2016-17 Date: 2016-06-23 Summary BBCode injection vulnerability Description A vulnerability was discovered that allows an BBCode injection to setup script in case it's not accessed on https. Severity We consider this to be non-critical. Mitigation factor Alway...

XSS relating to the transformation feature

PMASA-2020-5 Announcement-ID: PMASA-2020-5 Date: 2020-10-10 Summary XSS relating to the transformation feature Description A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the...

XSS vulnerability in drag-and-drop upload

PMASA-2023-1 Announcement-ID: PMASA-2023-1 Date: 2023-02-07 Summary XSS vulnerability in drag-and-drop upload Description An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface...

Local file inclusion vulnerability

PMASA-2005-4 Announcement-ID: PMASA-2005-4 Date: 2005-10-11 Summary Local file inclusion vulnerability Description In libraries/grabglobals.lib.php, the $$redirect parameter was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability to ...

SQL injection in Designer feature

PMASA-2019-2 Announcement-ID: PMASA-2019-2 Date: 2019-01-22 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature. Severity We consider this vulnerability to...

Possible directory traversal.

PMASA-2011-8 Announcement-ID: PMASA-2011-8 Date: 2011-07-02 Summary Possible directory traversal. Description Fixed filtering of a file path in the MIME-type transformation code, which allowed for directory traversal. Severity We consider this vulnerability to be serious. Affected Versions The...

Weakness with cookie encryption

PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker...

XSS vulnerability in normalization page.

PMASA-2016-7 Announcement-ID: PMASA-2016-7 Date: 2016-01-24 Summary XSS vulnerability in normalization page. Description With a crafted table name it is possible to trigger an XSS attack in the database normalization page. Severity We consider this vulnerability to be non-critical. Mitigation...

SQL injection with processing username

PMASA-2020-2 Announcement-ID: PMASA-2020-2 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection with processing username Description An SQL injection vulnerability was found in how phpMyAdmin retrieves the current username. A malicious user with access to the server could create a...

Unsafe generation of XSRF/CSRF token.

PMASA-2016-2 Announcement-ID: PMASA-2016-2 Date: 2016-01-24 Summary Unsafe generation of XSRF/CSRF token. Description The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. Severity We consider this vulnerability to be...

ArbitraryServerRegexp bypass

PMASA-2016-52 Announcement-ID: PMASA-2016-52 Date: 2016-07-25 Summary ArbitraryServerRegexp bypass Description A vulnerability was reported with the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by...

File inclusion and remote code execution attack

PMASA-2018-4 Announcement-ID: PMASA-2018-4 Date: 2018-06-19 Updated: 2018-06-21 Summary File inclusion and remote code execution attack Description A flaw has been discovered where an attacker can include view and potentially execute files on the server. The vulnerability comes from a portion of...

Self-XSS due to unescaped HTML output in database structure page.

PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...

Multiple full path disclosure vulnerabilities

PMASA-2016-63 Announcement-ID: PMASA-2016-63 Date: 2016-11-25 Updated: 2016-12-06 Summary Multiple full path disclosure vulnerabilities Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which...

DOS vulnerability in table partitioning

PMASA-2016-68 Announcement-ID: PMASA-2016-68 Date: 2016-11-25 Updated: 2016-12-06 Summary DOS vulnerability in table partitioning Description With a very large request to table partitioning function, it is possible to invoke a Denial of Service DOS attack. Severity We consider this vulnerability ...

XSRF/CSRF vulnerability in phpMyAdmin

PMASA-2018-7 Announcement-ID: PMASA-2018-7 Date: 2018-12-07 Summary XSRF/CSRF vulnerability in phpMyAdmin Description By deceiving a user to click on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages,...

Self-XSS due to unescaped HTML output in database triggers page.

PMASA-2014-5 Announcement-ID: PMASA-2014-5 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database triggers page. Description When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name. Severity We consider this vulnerability t...

CSRF vulnerability allowing arbitrary SQL execution

PMASA-2018-2 Announcement-ID: PMASA-2018-2 Date: 2018-04-17 Summary CSRF vulnerability allowing arbitrary SQL execution Description By deceiving a user to click on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands. Severity We consider this vulnerability to be...

Incorrect serialized string parsing

PMASA-2016-70 Announcement-ID: PMASA-2016-70 Date: 2016-11-25 Updated: 2016-12-06 Summary Incorrect serialized string parsing Description Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMAsafeUnserialize function. Severity We consider this...

Risk of BREACH attack due to reflected parameter.

PMASA-2015-1 Announcement-ID: PMASA-2015-1 Date: 2015-03-04 Summary Risk of BREACH attack due to reflected parameter. Description With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack. Severity We consider this vulnerability to be non critical...

BBCode injection vulnerability

PMASA-2016-67 Announcement-ID: PMASA-2016-67 Date: 2016-11-25 Updated: 2016-12-06 Summary BBCode injection vulnerability Description With a crafted login request it is possible to inject BBCode in the login page. Severity We consider this vulnerability to be severe. Mitigation factor This exploit...

Possible code injection in setup script in case session variables are compromised.

PMASA-2011-6 Announcement-ID: PMASA-2011-6 Date: 2011-07-02 Summary Possible code injection in setup script in case session variables are compromised. Description An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifyin...

PHP Executor Deep Recursion Stack Overflow

PMASA-2007-3 Announcement-ID: PMASA-2007-3 Date: 2007-03-02 Summary PHP Executor Deep Recursion Stack Overflow Description Stefan Esser from the Hardened-PHP Project is publishing the Month of PHP Bugs. One of these PHP bugs can be triggered by phpMyAdmin which uses a recursive function in its...

Content spoofing vulnerability when redirecting user to an external site

PMASA-2015-5 Announcement-ID: PMASA-2015-5 Date: 2015-10-23 Summary Content spoofing vulnerability when redirecting user to an external site Description This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites...

File disclosure on shared hosts via a crafted HTTP POST request.

PMASA-2008-3 Announcement-ID: PMASA-2008-3 Date: 2008-04-22 Updated: 2008-04-27 Summary File disclosure on shared hosts via a crafted HTTP POST request. Description We received an advisory from Cezary Tomczak, and we wish to thank him for his work. It is possible to read the contents of any file...

Path disclosure vulnerability

PMASA-2006-8 Announcement-ID: PMASA-2006-8 Date: 2006-11-17 Summary Path disclosure vulnerability Description We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to disclose path by passing an array to several parameters. Severity We consider...

Multiple XSS and HTML injection attacks in setup script

PMASA-2022-2 Announcement-ID: PMASA-2022-2 Date: 2022-01-10 Summary Multiple XSS and HTML injection attacks in setup script Description A series of weaknesses has been discovered that could allow an attacker to inject malicious code in to aspects of the setup script, which can allow XSS or HTML...

SQL injection relating to data display

PMASA-2020-4 Announcement-ID: PMASA-2020-4 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection relating to data display Description An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attac...

Multiple XSS vulnerabilities

PMASA-2016-21 Announcement-ID: PMASA-2016-21 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description An XSS vulnerability was discovered on the user privileges page. An XSS vulnerability was discovered in the error console. An XSS vulnerability was discovered in the central columns...

php-gettext code execution

PMASA-2017-2 Announcement-ID: PMASA-2017-2 Date: 2017-01-24 Summary php-gettext code execution Description The php-gettext library can suffer from a code execution vulnerability. However, there is no way to trigger this inside phpMyAdmin. Severity We consider this to be minor. Affected Versions...

Bypass white-list protection for URL redirection

PMASA-2016-66 Announcement-ID: PMASA-2016-66 Date: 2016-11-25 Updated: 2016-12-06 Summary Bypass white-list protection for URL redirection Description Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. Severity We consider this vulnerability to be of...

Reflected File Download attack

PMASA-2016-51 Announcement-ID: PMASA-2016-51 Date: 2016-07-24 Summary Reflected File Download attack Description A vulnerability was discovered where an attacker may be able to trigger a user to download a specially crafted malicious SVG file. Severity We consider this issue to be of moderate...

XSRF/CSRF for creating a database and modifying user charset

PMASA-2008-5 Announcement-ID: PMASA-2008-5 Date: 2008-07-15 Updated: 2008-07-16 Summary XSRF/CSRF for creating a database and modifying user charset Description We received an advisory from Aung Khant YGN Ethical Hacker Group, and we wish to thank him for his work. A logged-in user, if abused int...

SQL injection relating to searching

PMASA-2020-3 Announcement-ID: PMASA-2020-3 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection relating to searching Description An SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions within...

Cookie attribute injection attack

PMASA-2017-5 Announcement-ID: PMASA-2017-5 Date: 2017-01-24 Summary Cookie attribute injection attack Description A vulnerability was found where, under some circumstances, an attacker can inject arbitrary values in the browser cookies. This was incompletely fixed in PMASA-2016-18. Severity We...

If a crafted version.json would be presented, an XSS could be introduced.

PMASA-2013-11 Announcement-ID: PMASA-2013-11 Date: 2013-07-28 Updated: 2013-07-30 Summary If a crafted version.json would be presented, an XSS could be introduced. Description Due to not properly validating the version.json file, which is fetched from the phpMyAdmin.net website, could lead to an...

Regular expression quoting issue in Synchronize code.

PMASA-2011-7 Announcement-ID: PMASA-2011-7 Date: 2011-07-02 Updated: 2011-07-04 Summary Regular expression quoting issue in Synchronize code. Description Through a possible bug in PHP, a null byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the pregrepla...

Multiple XSS vulnerabilities

PMASA-2016-38 Announcement-ID: PMASA-2016-38 Date: 2016-07-13 Summary Multiple XSS vulnerabilities Description Multiple XSS vulnerabilities were found in the following areas: Navigation pane and database/table hiding feature. A specially-crafted database name can be used to trigger an XSS attack...

Unsafe usage of unserialize function.

PMASA-2010-3 Announcement-ID: PMASA-2010-3 Date: 2010-01-15 Updated: 2010-01-27 Summary Unsafe usage of unserialize function. Description phpMyAdmin used the unserialize PHP function on potentially unsafe data in setup script, what could be potentially used for XSRF attack, which can lead to code...

XSS vulnerabilities

PMASA-2005-7 Announcement-ID: PMASA-2005-7 Date: 2005-11-23 Summary XSS vulnerabilities Description During the course of phpMyAdmin 2.6.4 development, some XSS vulnerabilities were fixed but were not documented here. The cookie-based login panel, the title parameter and the table creation dialog...

Multiple full path disclosure vulnerabilities.

PMASA-2016-1 Announcement-ID: PMASA-2016-1 Date: 2016-01-23 Summary Multiple full path disclosure vulnerabilities. Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path...

Self-XSS due to unescaped HTML output in schema export.

PMASA-2013-14 Announcement-ID: PMASA-2013-14 Date: 2013-07-28 Updated: 2013-07-30 Summary Self-XSS due to unescaped HTML output in schema export. Description When calling schemaexport.php with crafted parameters, it is possible to trigger an XSS. Severity We consider this vulnerability to be non...

Possible session manipulation in Swekey authentication.

PMASA-2011-5 Announcement-ID: PMASA-2011-5 Date: 2011-07-02 Updated: 2011-07-03 Summary Possible session manipulation in Swekey authentication. Description It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other...