phpMyAdmin is an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS.
Release cycle, vulnerability information
Release schedule
Count: 1 095
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. | CVSS3: 6.5 | 3% Low | about 7 years ago |
| openSUSE-SU-2018:2525-1 Security update for phpMyAdmin | | 1% Low | more than 7 years ago |
| openSUSE-SU-2018:2525-2 Security update for phpMyAdmin | | 1% Low | more than 7 years ago |
| openSUSE-SU-2018:2523-1 Security update for phpMyAdmin | | 1% Low | more than 7 years ago |
| CVE-2018-15605 An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. | CVSS3: 6.1 | 1% Low | more than 7 years ago |
| CVE-2018-15605 An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scrip ... | CVSS3: 6.1 | 1% Low | more than 7 years ago |
| CVE-2018-15605 An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. | CVSS3: 6.1 | 1% Low | more than 7 years ago |
| CVE-2018-12613 An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). | CVSS3: 8.8 | 94% Critical | more than 7 years ago |
| CVE-2018-12613 An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an ... | CVSS3: 8.8 | 94% Critical | more than 7 years ago |
| CVE-2018-12581 An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. | CVSS3: 6.1 | 1% Low | more than 7 years ago |