VIR Vulnerability Intelligence Relay

Package impact

php Packagist / phpmyadmin/phpmyadmin

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-1000017 high 8.8 8.8 9y ago phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server debianphp
CVE-2016-6609 high 8.8 8.8 10y ago phpMyAdmin PHP code injection debianphp
CVE-2016-6621 high 8.6 8.6 9y ago The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. debianphp
CVE-2016-6633 high 8.1 8.1 10y ago phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension debianphp
CVE-2017-1000018 high 7.5 7.5 9y ago phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name debianphp
CVE-2017-1000016 high 7.5 7.5 9y ago A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. debianphp
CVE-2017-1000014 high 7.5 7.5 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality debianphp
CVE-2016-9863 high 7.5 7.5 10y ago phpMyAdmin DoS Vulnerability debianphp
CVE-2016-9861 high 7.5 7.5 10y ago phpMyAdmin Bypass white-list protection for URL redirection debianphp
CVE-2016-5739 high 7.5 7.5 10y ago The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, … susedebianphp
CVE-2016-5706 high 7.5 7.5 10y ago js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts paramet… susedebianphp
CVE-2016-2041 high 7.5 7.5 10y ago libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier fo… susefedoradebianphp
CVE-2016-1927 high 7.5 7.5 10y ago The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easie… debianphp
CVE-2011-2506 high 7.5 15y ago phpMyAdmin vulnerable to static code injection debianphp
CVE-2016-2562 medium 6.8 6.8 10y ago phpMyAdmin Improper Input Validation debianphp
CVE-2016-6623 medium 6.5 6.5 10y ago An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… debianphp
CVE-2016-6618 medium 6.5 6.5 10y ago phpMyAdmin Denial of service (DOS) attack in transformation feature debianphp
CVE-2016-6612 medium 6.5 6.5 10y ago An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… debianphp
CVE-2011-4107 medium 6.5 6.5 15y ago phpMyAdmin vulnerable to XML external entity (XXE) injection attack fedoradebianphp
CVE-2011-2505 medium 6.4 15y ago phpMyAdmin remote variable manipulation debianphp
CVE-2016-6628 medium 6.3 6.3 10y ago phpMyAdmin Reflected File Download attack debianphp
CVE-2017-1000015 medium 6.1 6.1 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters debianphp
CVE-2017-1000013 medium 6.1 6.1 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness debianphp
CVE-2016-9857 medium 6.1 6.1 10y ago An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to … debianphp
CVE-2016-9856 medium 6.1 6.1 10y ago An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions… debianphp
CVE-2016-6608 medium 6.1 6.1 10y ago XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x… debianphp
CVE-2016-5733 medium 6.1 6.1 10y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML v… susedebianphp
CVE-2016-5732 medium 6.1 6.1 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before … debianphp
CVE-2016-5731 medium 6.1 6.1 10y ago phpMyAdmin Cross-site scripting (XSS) vulnerability susedebianphp
CVE-2016-5705 medium 6.1 6.1 10y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) … susedebianphp
CVE-2016-5704 medium 6.1 6.1 10y ago Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. debianphp
CVE-2016-5701 medium 6.1 6.1 10y ago phpMyAdmin vulnerable to Cross-site Scripting susedebianphp
CVE-2011-2718 medium 6.0 15y ago phpMyAdmin Directory Traversal Vulnerability debianphp
CVE-2011-2508 medium 6.0 15y ago phpMyAdmin Directory Traversal vulnerability debianphp
CVE-2016-9860 medium 5.9 5.9 10y ago An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4… debianphp
CVE-2016-6632 medium 5.9 5.9 10y ago An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (… debianphp
CVE-2016-6624 medium 5.9 5.9 10y ago phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention debianphp
CVE-2016-6622 medium 5.9 5.9 10y ago phpMyAdmin DoS Vulnerability debianphp
CVE-2018-7260 medium 5.5 4y ago Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. archdebianphp
CVE-2013-4729 medium 5.5 13y ago phpMyAdmin Global variables scope injection vulnerability debianphp
CVE-2016-2559 medium 5.4 5.4 10y ago Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i… debianphp
CVE-2016-2040 medium 5.4 5.4 10y ago phpMyAdmin XSS Vulnerability susefedoradebianphp
CVE-2016-9853 medium 5.3 5.3 10y ago phpMyAdmin path disclosure debianphp
CVE-2016-9851 medium 5.3 5.3 10y ago phpMyAdmin Bypass logout timeout debianphp
CVE-2016-9847 medium 5.3 5.3 10y ago An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi… debianphp
CVE-2016-6613 medium 5.3 5.3 10y ago An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user… debianphp
CVE-2016-5730 medium 5.3 5.3 10y ago phpMyAdmin full path disclosure vulnerability susedebianphp
CVE-2015-7873 medium 5.0 11y ago The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. debianphp
CVE-2015-6830 medium 5.0 11y ago phpMyAdmin ReCaptcha bypass debianphp
CVE-2011-0986 medium 5.0 16y ago phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file debianphp
CVE-2010-4481 medium 5.0 16y ago phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. debianphp
CVE-2013-3239 medium 4.6 13y ago phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename… debianphp
CVE-2016-6625 medium 4.3 4.3 10y ago phpMyAdmin allows to detect if user is logged in debianphp
CVE-2014-6300 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arb… susedebianphp
CVE-2013-4997 medium 4.3 13y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an… debianphp
CVE-2012-5368 medium 4.3 14y ago phpMyAdmin Unsafe Fetching of Javascript Code debianphp
CVE-2011-1941 medium 4.3 15y ago phpMyAdmin Open Redirect in redirector debianphp
CVE-2011-1940 medium 4.3 15y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name t… debianphp
CVE-2011-4782 medium 4.3 15y ago Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTM… debianphp
CVE-2011-4634 medium 4.3 15y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Data… debianphp
CVE-2010-2958 medium 4.3 16y ago Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtr… debianphp
CVE-2016-5702 low 3.7 3.7 10y ago phpMyAdmin cookie-attribute injection debianphp
CVE-2011-3592 low 3.5 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script o… debianphp
CVE-2011-3591 low 3.5 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an imprope… debianphp
CVE-2014-8326 low 3.5 12y ago phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page susedebianphp
CVE-2014-7217 low 3.5 12y ago phpMyAdmin cross-site scripting Vulnerability via ENUM value debianphp
CVE-2014-5274 low 3.5 12y ago phpMyAdmin cross-site scripting vulnerability in crafted view name susedebianphp
CVE-2014-4986 low 3.5 12y ago phpMyAdmin cross-site scripting Vulnerability in Table or Column Names debianphp
CVE-2013-5002 low 3.5 13y ago phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value debianphp
CVE-2012-5339 low 3.5 14y ago phpMyAdmin multiple cross-site scripting vulnerabilities debianphp
CVE-2012-4579 low 3.5 14y ago phpMyAdmin Multiple XSS Vulnerabilities debianphp
CVE-2012-4345 low 3.5 14y ago phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page debianphp