VIR Vulnerability Intelligence Relay

Package impact

php Packagist / phpmyadmin/phpmyadmin

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-1000017 high 8.8 8.8 9y ago phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server debianphp
CVE-2016-6609 high 8.8 8.8 10y ago phpMyAdmin PHP code injection debianphp
CVE-2016-6621 high 8.6 8.6 9y ago The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. debianphp
CVE-2016-6633 high 8.1 8.1 10y ago phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension debianphp
CVE-2017-1000018 high 7.5 7.5 9y ago phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name debianphp
CVE-2017-1000016 high 7.5 7.5 9y ago A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. debianphp
CVE-2017-1000014 high 7.5 7.5 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality debianphp
CVE-2016-9863 high 7.5 7.5 10y ago phpMyAdmin DoS Vulnerability debianphp
CVE-2016-9861 high 7.5 7.5 10y ago phpMyAdmin Bypass white-list protection for URL redirection debianphp
CVE-2016-5739 high 7.5 7.5 10y ago The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, … susedebianphp
CVE-2016-5706 high 7.5 7.5 10y ago js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts paramet… susedebianphp
CVE-2016-2041 high 7.5 7.5 10y ago libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier fo… susefedoradebianphp
CVE-2016-1927 high 7.5 7.5 10y ago The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easie… debianphp
CVE-2011-2506 high 7.5 15y ago phpMyAdmin vulnerable to static code injection debianphp
CVE-2016-5702 low 3.7 3.7 10y ago phpMyAdmin cookie-attribute injection debianphp
CVE-2011-3592 low 3.5 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script o… debianphp
CVE-2011-3591 low 3.5 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an imprope… debianphp
CVE-2014-8326 low 3.5 12y ago phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page susedebianphp
CVE-2014-7217 low 3.5 12y ago phpMyAdmin cross-site scripting Vulnerability via ENUM value debianphp
CVE-2014-5274 low 3.5 12y ago phpMyAdmin cross-site scripting vulnerability in crafted view name susedebianphp
CVE-2014-4986 low 3.5 12y ago phpMyAdmin cross-site scripting Vulnerability in Table or Column Names debianphp
CVE-2013-5002 low 3.5 13y ago phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value debianphp
CVE-2012-5339 low 3.5 14y ago phpMyAdmin multiple cross-site scripting vulnerabilities debianphp
CVE-2012-4579 low 3.5 14y ago phpMyAdmin Multiple XSS Vulnerabilities debianphp
CVE-2012-4345 low 3.5 14y ago phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page debianphp