phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...
CVE-2019-12616
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
BDU:2020-03949
Уязвимость функции конструктора (designer/move.js file) веб-приложения для администрирования систем управления базами данных phpMyAdmin, позволяющая нарушителю выполнить произвольный код
BDU:2019-04000
Уязвимость веб-приложения для администрирования систем управления базами данных phpMyAdmin, связанная с подделкой межсайтовых запросов, позволяющая нарушителю удалить любой сервер на странице установки
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...
CVE-2019-6798
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
CVE-2019-6798
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-11768 An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | CVSS3: 9.8 | 2% Низкий | больше 6 лет назад |
| CVE-2019-11768 An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ... | CVSS3: 9.8 | 2% Низкий | больше 6 лет назад |
 | CVE-2019-12616 An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. | CVSS3: 6.5 | 56% Средний | больше 6 лет назад |
| CVE-2019-11768 An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | CVSS3: 9.8 | 2% Низкий | больше 6 лет назад |
 | BDU:2020-03949 Уязвимость функции конструктора (designer/move.js file) веб-приложения для администрирования систем управления базами данных phpMyAdmin, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 2% Низкий | больше 6 лет назад |
| BDU:2019-04000 Уязвимость веб-приложения для администрирования систем управления базами данных phpMyAdmin, связанная с подделкой межсайтовых запросов, позволяющая нарушителю удалить любой сервер на странице установки | CVSS3: 4.3 | 42% Средний | больше 6 лет назад |
| CVE-2019-6799 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. | CVSS3: 5.9 | 72% Высокий | около 7 лет назад |
| CVE-2019-6799 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ... | CVSS3: 5.9 | 72% Высокий | около 7 лет назад |
| CVE-2019-6798 An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | CVSS3: 9.8 | 1% Низкий | около 7 лет назад |
| CVE-2019-6798 An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ... | CVSS3: 9.8 | 1% Низкий | около 7 лет назад |
Уязвимостей на страницу