Phpmyadmin Security Vulnerabilities and Issues — Phpmyadmin CVE List

Lucene search

PhpmyadminPhpmyadmin

9 matches found

CVE•added 2016/02/20 1:59 a.m.•78 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

7.5CVSS7.3AI score0.01077EPSS

CVE•added 2016/02/20 1:59 a.m.•73 views

CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

5.3CVSS6AI score0.00543EPSS

CVE•added 2016/02/20 1:59 a.m.•71 views

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.3CVSS5.4AI score0.004EPSS

CVE•added 2016/02/20 1:59 a.m.•71 views

CVE-2016-2045

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

5.4CVSS5.7AI score0.00303EPSS

CVE•added 2016/02/20 1:59 a.m.•70 views

CVE-2016-2040

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

5.4CVSS5.7AI score0.00507EPSS

CVE•added 2016/02/20 1:59 a.m.•61 views

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.3CVSS5.7AI score0.00931EPSS

CVE•added 2016/02/20 1:59 a.m.•59 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

7.5CVSS7.2AI score0.00616EPSS

CVE•added 2016/02/20 1:59 a.m.•53 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

5.3CVSS5.1AI score0.00603EPSS

CVE•added 2016/02/20 1:59 a.m.•49 views

CVE-2016-2043

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

5.4CVSS5.1AI score0.00405EPSS