phpMyAdmin is an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS.
Release cycle, vulnerability information
Release schedule
Count: 1,095
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-8m97-xc46-rw9w phpMyAdmin Unsafe comparison of XSRF/CSRF token | CVSS3: 7.5 | 1% Low | more than 3 years ago |
| GHSA-75vh-37rf-cpgj phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | CVSS3: 5.3 | 1% Low | more than 3 years ago |
| GHSA-hvw8-56v7-x24q Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | | 3% Low | more than 3 years ago |
| GHSA-mvfx-p4hj-mppj Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | | 2% Low | more than 3 years ago |
| GHSA-pvr5-84gr-g985 phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page | | 0% Low | more than 3 years ago |
| GHSA-q586-xpwr-jc3j phpMyAdmin cross-site scripting vulnerability in crafted view name | | 0% Low | more than 3 years ago |
| GHSA-f732-fxh6-g4qj phpMyAdmin SQL injection in Designer feature | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-8m58-pwg7-52c3 ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." | CVSS3: 6.1 | 8% Low | more than 3 years ago |
| GHSA-9hrc-rwrq-v6mh phpMyAdmin DoS Vulnerability | CVSS3: 7.5 | 1% Low | more than 3 years ago |
| GHSA-5h5m-fj48-qpjw phpMyAdmin Open Redirect | CVSS3: 6.1 | 0% Low | more than 3 years ago |