phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
CVE-2022-0813
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
GHSA-8wf2-3ggj-78q9
Improper Authentication in phpmyadmin
GHSA-vcwc-6mr9-8m7c
Cross-site Scripting in phpmyadmin
CVE-2022-23808
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
CVE-2022-23808
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...
CVE-2022-23807
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
CVE-2022-23807
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...
CVE-2022-23807
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
CVE-2022-23808
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-0813 PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
| GHSA-8wf2-3ggj-78q9 Improper Authentication in phpmyadmin | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| GHSA-vcwc-6mr9-8m7c Cross-site Scripting in phpmyadmin | CVSS3: 6.1 | 68% Средний | около 4 лет назад |
 | CVE-2022-23808 An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | CVSS3: 6.1 | 68% Средний | около 4 лет назад |
| CVE-2022-23808 An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ... | CVSS3: 6.1 | 68% Средний | около 4 лет назад |
| CVE-2022-23807 An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| CVE-2022-23807 An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ... | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| CVE-2022-23807 An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| CVE-2022-23808 An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | CVSS3: 6.1 | 68% Средний | около 4 лет назад |
| CVE-2020-22278 phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents. | CVSS3: 8.8 | 0% Низкий | больше 5 лет назад |
Уязвимостей на страницу