phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

Релизный цикл, информация об уязвимостях

Продукт: phpMyAdmin

Вендор: phpmyadmin

График релизов

Недавние уязвимости phpMyAdmin

Количество 1 095

CVE-2016-9848

около 9 лет назад

An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9848

около 9 лет назад

An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9847

около 9 лет назад

An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9847

около 9 лет назад

An issue was discovered in phpMyAdmin. When the user does not specify ...

CVSS3: 5.3

EPSS: Низкий

CVE-2016-6633

около 9 лет назад

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 8.1

EPSS: Низкий

CVE-2016-6633

около 9 лет назад

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigg ...

CVSS3: 8.1

EPSS: Низкий

CVE-2016-6632

около 9 лет назад

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 5.9

EPSS: Низкий

CVE-2016-6632

около 9 лет назад

An issue was discovered in phpMyAdmin where, under certain conditions, ...

CVSS3: 5.9

EPSS: Низкий

CVE-2016-6631

около 9 лет назад

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-6631

около 9 лет назад

An issue was discovered in phpMyAdmin. A user can execute a remote cod ...

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-9848 An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.	CVSS3: 5.3	0% Низкий	около 9 лет назад
CVE-2016-9848 An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...	CVSS3: 5.3	0% Низкий	около 9 лет назад
CVE-2016-9847 An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.	CVSS3: 5.3	0% Низкий	около 9 лет назад
CVE-2016-9847 An issue was discovered in phpMyAdmin. When the user does not specify ...	CVSS3: 5.3	0% Низкий	около 9 лет назад
CVE-2016-6633 An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.	CVSS3: 8.1	2% Низкий	около 9 лет назад
CVE-2016-6633 An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigg ...	CVSS3: 8.1	2% Низкий	около 9 лет назад
CVE-2016-6632 An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.	CVSS3: 5.9	1% Низкий	около 9 лет назад
CVE-2016-6632 An issue was discovered in phpMyAdmin where, under certain conditions, ...	CVSS3: 5.9	1% Низкий	около 9 лет назад
CVE-2016-6631 An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.	CVSS3: 7.5	4% Низкий	около 9 лет назад
CVE-2016-6631 An issue was discovered in phpMyAdmin. A user can execute a remote cod ...	CVSS3: 7.5	4% Низкий	около 9 лет назад

Уязвимостей на страницу