phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 092
CVE-2006-1258
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2006-1258
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...
CVE-2006-1258
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2005-4450
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.
CVE-2005-4450
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 al ...
CVE-2005-4349
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
CVE-2005-4349
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7 ...
CVE-2005-3665
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
CVE-2005-3665
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...
CVE-2005-3665
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-1258 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | CVSS2: 4.3 | 8% Низкий | больше 19 лет назад |
| CVE-2006-1258 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ... | CVSS2: 4.3 | 8% Низкий | больше 19 лет назад |
 | CVE-2006-1258 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | CVSS2: 4.3 | 8% Низкий | больше 19 лет назад |
| CVE-2005-4450 Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2005-4450 Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 al ... | CVSS2: 7.5 | 0% Низкий | больше 19 лет назад |
| CVE-2005-4349 SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 | CVSS3: 6.3 | 1% Низкий | больше 19 лет назад |
| CVE-2005-4349 SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7 ... | CVSS3: 6.3 | 1% Низкий | больше 19 лет назад |
| CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | CVSS2: 4.3 | 1% Низкий | больше 19 лет назад |
| CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ... | CVSS2: 4.3 | 1% Низкий | больше 19 лет назад |
| CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | CVSS2: 4.3 | 1% Низкий | больше 19 лет назад |
Уязвимостей на страницу