phpMyAdmin is an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS.
Release cycle, vulnerability information
Release schedule
Count 1,092
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-5pmg-qh2c-7j24 phpMyAdmin allows remote attackers to spoof content via the url parameter | | 1% Low | about 3 years ago |
GHSA-mrjr-q5hm-729r libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | CVSS3: 5.3 | 1% Low | about 3 years ago |
GHSA-jqmr-wqgp-8mh2 phpMyAdmin cross-site scripting Vulnerability in Table or Column Names | | 0% Low | about 3 years ago |
GHSA-rpvm-cpgc-m3w7 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. | | 1% Low | about 3 years ago |
GHSA-mj57-whgp-4577 Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | | 0% Low | about 3 years ago |
GHSA-v6fh-vg22-r6cm phpMyAdmin ReCaptcha bypass | | 1% Low | about 3 years ago |
GHSA-crhx-xmfj-53jv libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | | 2% Low | about 3 years ago |
GHSA-4458-ww2x-8wwm Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. | | 0% Low | about 3 years ago |
GHSA-j8g5-3786-r7g7 Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. | | 0% Low | about 3 years ago |
GHSA-p632-5w74-x8xx phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value | | 0% Low | about 3 years ago |