phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

Релизный цикл, информация об уязвимостях

Продукт: phpMyAdmin

Вендор: phpmyadmin

График релизов

Недавние уязвимости phpMyAdmin

Количество 1 095

CVE-2013-5029

больше 12 лет назад

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to byp ...

CVSS2: 4.3

EPSS: Низкий

CVE-2013-5029

больше 12 лет назад

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

CVSS2: 4.3

EPSS: Низкий

CVE-2013-5003

больше 12 лет назад

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

CVSS2: 6.5

EPSS: Низкий

CVE-2013-5003

больше 12 лет назад

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5. ...

CVSS2: 6.5

EPSS: Низкий

CVE-2013-5002

больше 12 лет назад

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.

CVSS2: 3.5

EPSS: Низкий

CVE-2013-5002

больше 12 лет назад

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Re ...

CVSS2: 3.5

EPSS: Низкий

CVE-2013-5001

больше 12 лет назад

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

CVSS2: 3.5

EPSS: Низкий

CVE-2013-5001

больше 12 лет назад

Cross-site scripting (XSS) vulnerability in libraries/plugins/transfor ...

CVSS2: 3.5

EPSS: Низкий

CVE-2013-5000

больше 12 лет назад

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

CVSS2: 5

EPSS: Низкий

CVE-2013-5000

больше 12 лет назад

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sens ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2013-5029 phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to byp ...	CVSS2: 4.3	2% Низкий	больше 12 лет назад
CVE-2013-5029 phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.	CVSS2: 4.3	2% Низкий	больше 12 лет назад
CVE-2013-5003 Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.	CVSS2: 6.5	0% Низкий	больше 12 лет назад
CVE-2013-5003 Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5. ...	CVSS2: 6.5	0% Низкий	больше 12 лет назад
CVE-2013-5002 Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.	CVSS2: 3.5	0% Низкий	больше 12 лет назад
CVE-2013-5002 Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Re ...	CVSS2: 3.5	0% Низкий	больше 12 лет назад
CVE-2013-5001 Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.	CVSS2: 3.5	0% Низкий	больше 12 лет назад
CVE-2013-5001 Cross-site scripting (XSS) vulnerability in libraries/plugins/transfor ...	CVSS2: 3.5	0% Низкий	больше 12 лет назад
CVE-2013-5000 phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.	CVSS2: 5	0% Низкий	больше 12 лет назад
CVE-2013-5000 phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sens ...	CVSS2: 5	0% Низкий	больше 12 лет назад

Уязвимостей на страницу