phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4. ...

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.

Directory traversal vulnerability in libraries/error_report.lib.php in ...

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

phpMyAdmin before 4.6.2 places tokens in query strings and does not ar ...

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.