phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
CVE-2019-6798
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
CVE-2018-19970
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
CVE-2018-19970
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...
CVE-2018-19969
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
CVE-2018-19969
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...
CVE-2018-19968
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
CVE-2018-19968
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...
CVE-2018-19969
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
CVE-2018-19970
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-6798 An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | CVSS3: 9.8 | 1% Низкий | около 7 лет назад |
| CVE-2019-6799 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. | CVSS3: 5.9 | 72% Высокий | около 7 лет назад |
 | CVE-2018-19970 In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | CVSS3: 6.1 | 2% Низкий | около 7 лет назад |
| CVE-2018-19970 In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ... | CVSS3: 6.1 | 2% Низкий | около 7 лет назад |
| CVE-2018-19969 phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. | CVSS3: 8.8 | 0% Низкий | около 7 лет назад |
| CVE-2018-19969 phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ... | CVSS3: 8.8 | 0% Низкий | около 7 лет назад |
| CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. | CVSS3: 6.5 | 3% Низкий | около 7 лет назад |
| CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ... | CVSS3: 6.5 | 3% Низкий | около 7 лет назад |
| CVE-2018-19969 phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. | CVSS3: 8.8 | 0% Низкий | около 7 лет назад |
| CVE-2018-19970 In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | CVSS3: 6.1 | 2% Низкий | около 7 лет назад |
Уязвимостей на страницу