phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
GHSA-pgph-mc4p-f8c3
phpMyAdmin unsanitized Git information
GHSA-mfr9-pcm3-6mwc
phpMyAdmin CSRF Vulnerability
GHSA-x37v-98f9-mj32
phpMyAdmin SQL injection in Designer feature
GHSA-q22m-2g7f-xqm5
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
GHSA-frv8-xjcp-hrm2
phpMyAdmin Cross-site Scripting vulnerability
GHSA-gmc7-jvv7-w245
phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information
GHSA-r7cq-qp4v-9qxv
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
GHSA-8hf4-h9w2-2g7p
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.
GHSA-9645-6g72-2pv8
phpMyAdmin unsafely handles temporary files
GHSA-6442-8w69-mgwm
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-pgph-mc4p-f8c3 phpMyAdmin unsanitized Git information | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад |
| GHSA-mfr9-pcm3-6mwc phpMyAdmin CSRF Vulnerability | CVSS3: 6.5 | 56% Средний | больше 3 лет назад |
| GHSA-x37v-98f9-mj32 phpMyAdmin SQL injection in Designer feature | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад |
| GHSA-q22m-2g7f-xqm5 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | 2% Низкий | больше 3 лет назад | |
| GHSA-frv8-xjcp-hrm2 phpMyAdmin Cross-site Scripting vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-gmc7-jvv7-w245 phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information | 1% Низкий | больше 3 лет назад | |
| GHSA-r7cq-qp4v-9qxv error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]". | 7% Низкий | больше 3 лет назад | |
| GHSA-8hf4-h9w2-2g7p Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. | 1% Низкий | больше 3 лет назад | |
| GHSA-9645-6g72-2pv8 phpMyAdmin unsafely handles temporary files | 3% Низкий | больше 3 лет назад | |
| GHSA-6442-8w69-mgwm The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу