phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
CVE-2016-6614
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2016-6614
An issue was discovered in phpMyAdmin involving the %u username replac ...
CVE-2016-6613
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2016-6613
An issue was discovered in phpMyAdmin. A user can specially craft a sy ...
CVE-2016-6612
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2016-6612
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOC ...
CVE-2016-6611
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2016-6611
An issue was discovered in phpMyAdmin. A specially crafted database an ...
CVE-2016-6610
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2016-6610
A full path disclosure vulnerability was discovered in phpMyAdmin wher ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-6614 An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 6.8 | 1% Низкий | больше 9 лет назад |
| CVE-2016-6614 An issue was discovered in phpMyAdmin involving the %u username replac ... | CVSS3: 6.8 | 1% Низкий | больше 9 лет назад |
| CVE-2016-6613 An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 5.3 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6613 An issue was discovered in phpMyAdmin. A user can specially craft a sy ... | CVSS3: 5.3 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6612 An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 6.5 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6612 An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOC ... | CVSS3: 6.5 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6611 An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 8.1 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6611 An issue was discovered in phpMyAdmin. A specially crafted database an ... | CVSS3: 8.1 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6610 A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 4.3 | 0% Низкий | больше 9 лет назад |
| CVE-2016-6610 A full path disclosure vulnerability was discovered in phpMyAdmin wher ... | CVSS3: 4.3 | 0% Низкий | больше 9 лет назад |
Уязвимостей на страницу