phpMyAdmin is an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS.
Release cycle, vulnerability information
Count: 1 095
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-wpww-hx7x-xfjh phpMyAdmin PHP code injection | CVSS3: 8.8 | 0% Low | more than 3 years ago |
| GHSA-v7gh-wpgm-xx4r An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-cq55-4q38-jxr8 An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-vxj6-pm6r-23hq phpMyAdmin XSS Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-p6h7-29r2-g88f phpMyAdmin vulnerable to static code injection | | 41% Medium | more than 3 years ago |
| GHSA-rm5v-f378-qgp9 libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. | | 4% Low | more than 3 years ago |
| GHSA-q6vw-39cg-wjjf phpMyAdmin Directory Traversal vulnerability | | 11% Medium | more than 3 years ago |
| GHSA-vqcm-r62w-w437 phpMyAdmin remote variable manipulation | | 45% Medium | more than 3 years ago |
| GHSA-fmmw-6q24-3wqx libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. | | 2% Low | more than 3 years ago |
| GHSA-9qwv-267r-c7fq libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | | 1% Low | more than 3 years ago |