| CVE-2016-5734 | critical | 9.8 | 10.0 | 10y ago | phpMyAdmin Code Injection vulnerability |
| CVE-2016-9866 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All … |
| CVE-2016-6629 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by A… |
| CVE-2011-4107 | medium | 6.5 | 7.5 | 15y ago | phpMyAdmin vulnerable to XML external entity (XXE) injection attack |
| CVE-2011-2505 | medium | — | 7.4 | 15y ago | phpMyAdmin remote variable manipulation |
| CVE-2016-2562 | medium | 6.8 | 6.8 | 10y ago | phpMyAdmin Improper Input Validation |
| CVE-2016-6623 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… |
| CVE-2016-6618 | medium | 6.5 | 6.5 | 10y ago | phpMyAdmin Denial of service (DOS) attack in transformation feature |
| CVE-2016-6612 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… |
| CVE-2016-6628 | medium | 6.3 | 6.3 | 10y ago | phpMyAdmin Reflected File Download attack |
| CVE-2017-1000015 | medium | 6.1 | 6.1 | 9y ago | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters |
| CVE-2017-1000013 | medium | 6.1 | 6.1 | 9y ago | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness |
| CVE-2016-9857 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to … |
| CVE-2016-9856 | medium | 6.1 | 6.1 | 10y ago | An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions… |
| CVE-2016-6608 | medium | 6.1 | 6.1 | 10y ago | XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x… |
| CVE-2016-5733 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML v… |
| CVE-2016-5732 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before … |
| CVE-2016-5731 | medium | 6.1 | 6.1 | 10y ago | phpMyAdmin Cross-site scripting (XSS) vulnerability |
| CVE-2016-5705 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) … |
| CVE-2016-5704 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. |
| CVE-2016-5701 | medium | 6.1 | 6.1 | 10y ago | phpMyAdmin vulnerable to Cross-site Scripting |
| CVE-2015-6830 | medium | — | 6.0 | 11y ago | phpMyAdmin ReCaptcha bypass |
| CVE-2011-2718 | medium | — | 6.0 | 15y ago | phpMyAdmin Directory Traversal Vulnerability |
| CVE-2011-2508 | medium | — | 6.0 | 15y ago | phpMyAdmin Directory Traversal vulnerability |
| CVE-2016-9860 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4… |
| CVE-2016-6632 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (… |
| CVE-2016-6624 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention |
| CVE-2016-6622 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin DoS Vulnerability |
| CVE-2013-3239 | medium | — | 5.6 | 13y ago | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename… |
| CVE-2018-7260 | medium | — | 5.5 | 4y ago | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-4729 | medium | — | 5.5 | 13y ago | phpMyAdmin Global variables scope injection vulnerability |
| CVE-2016-2559 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i… |
| CVE-2016-2040 | medium | 5.4 | 5.4 | 10y ago | phpMyAdmin XSS Vulnerability |
| CVE-2016-9853 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin path disclosure |
| CVE-2016-9851 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin Bypass logout timeout |
| CVE-2016-9847 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi… |
| CVE-2016-6613 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user… |
| CVE-2016-5730 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin full path disclosure vulnerability |
| CVE-2015-7873 | medium | — | 5.0 | 11y ago | The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. |
| CVE-2011-0986 | medium | — | 5.0 | 16y ago | phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file |
| CVE-2010-4481 | medium | — | 5.0 | 16y ago | phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. |
| CVE-2016-6625 | medium | 4.3 | 4.3 | 10y ago | phpMyAdmin allows to detect if user is logged in |
| CVE-2014-6300 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arb… |
| CVE-2013-4997 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an… |
| CVE-2012-5368 | medium | — | 4.3 | 14y ago | phpMyAdmin Unsafe Fetching of Javascript Code |
| CVE-2011-1941 | medium | — | 4.3 | 15y ago | phpMyAdmin Open Redirect in redirector |
| CVE-2011-1940 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name t… |
| CVE-2011-4782 | medium | — | 4.3 | 15y ago | Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2011-4634 | medium | — | 4.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Data… |
| CVE-2010-2958 | medium | — | 4.3 | 16y ago | Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtr… |