VIR Vulnerability Intelligence Relay

Package impact

php Packagist / phpmyadmin/phpmyadmin

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-1000017 high 8.8 8.8 9y ago phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server debianphp
CVE-2016-6609 high 8.8 8.8 10y ago phpMyAdmin PHP code injection debianphp
CVE-2016-6621 high 8.6 8.6 9y ago The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. debianphp
CVE-2016-6633 high 8.1 8.1 10y ago phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension debianphp
CVE-2017-1000018 high 7.5 7.5 9y ago phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name debianphp
CVE-2017-1000016 high 7.5 7.5 9y ago A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. debianphp
CVE-2017-1000014 high 7.5 7.5 9y ago phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality debianphp
CVE-2016-9863 high 7.5 7.5 10y ago phpMyAdmin DoS Vulnerability debianphp
CVE-2016-9861 high 7.5 7.5 10y ago phpMyAdmin Bypass white-list protection for URL redirection debianphp
CVE-2016-5739 high 7.5 7.5 10y ago The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, … susedebianphp
CVE-2016-5706 high 7.5 7.5 10y ago js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts paramet… susedebianphp
CVE-2016-2041 high 7.5 7.5 10y ago libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier fo… susefedoradebianphp
CVE-2016-1927 high 7.5 7.5 10y ago The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easie… debianphp
CVE-2011-2506 high 7.5 15y ago phpMyAdmin vulnerable to static code injection debianphp