phpMyAdmin is an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS.
Release cycle, vulnerability information
Release schedule
Count 1 095
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-6q2j-8h8q-46mr phpMyAdmin vulnerable to Cross-site Scripting | CVSS3: 6.1 | 1% Low | almost 4 years ago |
| GHSA-2p7v-jm8m-g3qq phpMyAdmin vulnerable to Cross-Site Request Forgery | CVSS3: 7.5 | 1% Low | almost 4 years ago |
| GHSA-wm9c-vcv2-vpqc phpMyAdmin full path disclosure vulnerability | CVSS3: 5.3 | 1% Low | almost 4 years ago |
| GHSA-mwm8-36c5-j5cf phpMyAdmin Cross-site scripting (XSS) vulnerability | CVSS3: 6.1 | 0% Low | almost 4 years ago |
| GHSA-9rmm-8fp4-26hv phpMyAdmin Denial Of Service (DOS) attack | CVSS3: 7.5 | 3% Low | almost 4 years ago |
| GHSA-mgpp-4w68-qf76 SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. | CVSS3: 9.8 | 2% Low | almost 4 years ago |
| GHSA-hc8v-m2rw-4fc4 libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | CVSS3: 5.3 | 0% Low | almost 4 years ago |
| GHSA-f8wg-85r4-g3g3 Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | CVSS3: 5.4 | 0% Low | almost 4 years ago |
| GHSA-pw34-qf6c-84fc phpMyAdmin XSS Vulnerability | CVSS3: 5.4 | 0% Low | almost 4 years ago |
| GHSA-8m97-xc46-rw9w phpMyAdmin Unsafe comparison of XSRF/CSRF token | CVSS3: 7.5 | 1% Low | almost 4 years ago |