phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
GHSA-jjpc-pf2f-wwgg
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
GHSA-xpxp-v33m-5jp9
phpMyAdmin Unsafe Fetching of Javascript Code
GHSA-g39j-4qc9-5rh4
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
GHSA-rfpg-2fp8-2fph
phpMyAdmin multiple cross-site scripting vulnerabilities
GHSA-r3pq-mp8v-cp33
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
GHSA-x962-w72p-mv7q
phpMyAdmin Global variables scope injection vulnerability
GHSA-vp7p-rxfv-rwm2
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.
GHSA-5gh4-v2ch-pcx4
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities
GHSA-cq7h-9hgp-vpjq
phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.
GHSA-frxq-rqm9-ppcr
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-jjpc-pf2f-wwgg The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | 2% Низкий | больше 3 лет назад | |
| GHSA-xpxp-v33m-5jp9 phpMyAdmin Unsafe Fetching of Javascript Code | 0% Низкий | больше 3 лет назад | |
| GHSA-g39j-4qc9-5rh4 phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | 88% Высокий | больше 3 лет назад | |
| GHSA-rfpg-2fp8-2fph phpMyAdmin multiple cross-site scripting vulnerabilities | 0% Низкий | больше 3 лет назад | |
| GHSA-r3pq-mp8v-cp33 phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page | 0% Низкий | больше 3 лет назад | |
| GHSA-x962-w72p-mv7q phpMyAdmin Global variables scope injection vulnerability | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-vp7p-rxfv-rwm2 phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. | 0% Низкий | больше 3 лет назад | |
| GHSA-5gh4-v2ch-pcx4 phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities | 0% Низкий | больше 3 лет назад | |
| GHSA-cq7h-9hgp-vpjq phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. | 0% Низкий | больше 3 лет назад | |
| GHSA-frxq-rqm9-ppcr phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу