phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 095
GHSA-frxq-rqm9-ppcr
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.
GHSA-372q-3c59-c2w9
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
GHSA-6cqw-hv35-68q6
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
GHSA-gg36-9346-9qx9
phpMyAdmin Remote Code Execution
GHSA-96fj-xvfq-8rxm
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
GHSA-q7pr-6mgq-3m32
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
GHSA-qjm2-f85j-5793
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.
GHSA-3p87-w3c5-27gf
phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
GHSA-5p69-rmx8-7gw7
phpMyAdmin Multiple XSS Vulnerabilities
GHSA-6m6g-jfj8-2gh7
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-frxq-rqm9-ppcr phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | 0% Низкий | больше 3 лет назад | |
| GHSA-372q-3c59-c2w9 Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. | 0% Низкий | больше 3 лет назад | |
| GHSA-6cqw-hv35-68q6 phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | 65% Средний | больше 3 лет назад | |
| GHSA-gg36-9346-9qx9 phpMyAdmin Remote Code Execution | CVSS3: 8.5 | 12% Средний | больше 3 лет назад |
| GHSA-96fj-xvfq-8rxm Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. | 4% Низкий | больше 3 лет назад | |
| GHSA-q7pr-6mgq-3m32 export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. | 3% Низкий | больше 3 лет назад | |
| GHSA-qjm2-f85j-5793 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. | 0% Низкий | больше 3 лет назад | |
| GHSA-3p87-w3c5-27gf phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save | 0% Низкий | больше 3 лет назад | |
| GHSA-5p69-rmx8-7gw7 phpMyAdmin Multiple XSS Vulnerabilities | 0% Низкий | больше 3 лет назад | |
| GHSA-6m6g-jfj8-2gh7 Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу