phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...
CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
GHSA-jgjc-332c-8cmc
SQL injection in phpMyAdmin
CVE-2020-5504
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVE-2020-5504
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...
CVE-2020-5504
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVE-2019-19617
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
CVE-2019-19617
phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...
CVE-2019-19617
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2020-10804 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | CVSS3: 8 | 2% Низкий | почти 6 лет назад |
| CVE-2020-10804 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ... | CVSS3: 8 | 2% Низкий | почти 6 лет назад |
 | CVE-2020-10804 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | CVSS3: 8 | 2% Низкий | почти 6 лет назад |
| GHSA-jgjc-332c-8cmc SQL injection in phpMyAdmin | CVSS3: 9.8 | 1% Низкий | около 6 лет назад |
| CVE-2020-5504 In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | CVSS3: 8.8 | 23% Средний | около 6 лет назад |
| CVE-2020-5504 In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ... | CVSS3: 8.8 | 23% Средний | около 6 лет назад |
| CVE-2020-5504 In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | CVSS3: 8.8 | 23% Средний | около 6 лет назад |
| CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | CVSS3: 9.8 | 1% Низкий | около 6 лет назад |
| CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, relat ... | CVSS3: 9.8 | 1% Низкий | около 6 лет назад |
| CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | CVSS3: 9.8 | 1% Низкий | около 6 лет назад |
Уязвимостей на страницу