phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 092
GHSA-w3p2-mc39-r7v9
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.
GHSA-6c72-xp63-q5vp
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.
GHSA-wv8g-fx9j-q2jg
phpMyAdmin cross-site scripting Vulnerability via ENUM value
GHSA-f8gp-vg7w-rp8x
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
GHSA-mg2j-5mpw-m9xf
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
GHSA-4gmg-gwjh-3mmr
phpMyAdmin Cryptographic Vulnerability
GHSA-v24v-vp5m-fpcr
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
GHSA-7rf8-9r8f-qf59
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser
GHSA-fffr-hwf6-2q7v
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
GHSA-w8qg-j9fp-hrjf
phpMyAdmin Improper Input Validation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-w3p2-mc39-r7v9 Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. | 0% Низкий | около 3 лет назад | |
| GHSA-6c72-xp63-q5vp Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. | 0% Низкий | около 3 лет назад | |
| GHSA-wv8g-fx9j-q2jg phpMyAdmin cross-site scripting Vulnerability via ENUM value | 0% Низкий | около 3 лет назад | |
| GHSA-f8gp-vg7w-rp8x Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. | CVSS3: 5.4 | 0% Низкий | около 3 лет назад |
| GHSA-mg2j-5mpw-m9xf libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-4gmg-gwjh-3mmr phpMyAdmin Cryptographic Vulnerability | CVSS3: 7.5 | 1% Низкий | около 3 лет назад |
| GHSA-v24v-vp5m-fpcr Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. | CVSS3: 5.4 | 1% Низкий | около 3 лет назад |
| GHSA-7rf8-9r8f-qf59 phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser | CVSS3: 5.4 | 0% Низкий | около 3 лет назад |
| GHSA-fffr-hwf6-2q7v Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. | CVSS3: 6.1 | 2% Низкий | около 3 лет назад |
| GHSA-w8qg-j9fp-hrjf phpMyAdmin Improper Input Validation | CVSS3: 6.8 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу