phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

Релизный цикл, информация об уязвимостях

Продукт: phpMyAdmin

Вендор: phpmyadmin

График релизов

Недавние уязвимости phpMyAdmin

Количество 1 092

GHSA-x37v-98f9-mj32

около 3 лет назад

phpMyAdmin SQL injection in Designer feature

CVSS3: 9.8

EPSS: Низкий

GHSA-q22m-2g7f-xqm5

около 3 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

EPSS: Низкий

GHSA-frv8-xjcp-hrm2

около 3 лет назад

phpMyAdmin Cross-site Scripting vulnerability

EPSS: Низкий

GHSA-r7cq-qp4v-9qxv

около 3 лет назад

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

EPSS: Низкий

GHSA-8hf4-h9w2-2g7p

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

EPSS: Низкий

GHSA-gmc7-jvv7-w245

около 3 лет назад

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information

EPSS: Низкий

GHSA-6442-8w69-mgwm

около 3 лет назад

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

EPSS: Низкий

GHSA-vwc7-2mqc-8723

около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

EPSS: Низкий

GHSA-9645-6g72-2pv8

около 3 лет назад

phpMyAdmin unsafely handles temporary files

EPSS: Низкий

GHSA-vqv2-j98p-2cvh

около 3 лет назад

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-x37v-98f9-mj32 phpMyAdmin SQL injection in Designer feature	CVSS3: 9.8	2% Низкий	около 3 лет назад
GHSA-q22m-2g7f-xqm5 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.		2% Низкий	около 3 лет назад
GHSA-frv8-xjcp-hrm2 phpMyAdmin Cross-site Scripting vulnerability		0% Низкий	около 3 лет назад
GHSA-r7cq-qp4v-9qxv error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".		8% Низкий	около 3 лет назад
GHSA-8hf4-h9w2-2g7p Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.		1% Низкий	около 3 лет назад
GHSA-gmc7-jvv7-w245 phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information		1% Низкий	около 3 лет назад
GHSA-6442-8w69-mgwm The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.		1% Низкий	около 3 лет назад
GHSA-vwc7-2mqc-8723 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.		1% Низкий	около 3 лет назад
GHSA-9645-6g72-2pv8 phpMyAdmin unsafely handles temporary files		3% Низкий	около 3 лет назад
GHSA-vqv2-j98p-2cvh phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.		1% Низкий	около 3 лет назад

Уязвимостей на страницу