phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

Релизный цикл, информация об уязвимостях

Продукт: phpMyAdmin

Вендор: phpmyadmin

График релизов

Недавние уязвимости phpMyAdmin

Количество 1 092

CVE-2013-3742

почти 12 лет назад

Cross-site scripting (XSS) vulnerability in view_create.php (aka the C ...

CVSS2: 3.5

EPSS: Низкий

CVE-2013-4729

почти 12 лет назад

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

CVSS2: 5.5

EPSS: Низкий

CVE-2013-3742

почти 12 лет назад

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.

CVSS2: 3.5

EPSS: Низкий

CVE-2013-3241

около 12 лет назад

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

CVSS2: 4

EPSS: Низкий

CVE-2013-3241

около 12 лет назад

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...

CVSS2: 4

EPSS: Низкий

CVE-2013-3240

около 12 лет назад

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

CVSS2: 6.5

EPSS: Низкий

CVE-2013-3240

около 12 лет назад

Directory traversal vulnerability in the Export feature in phpMyAdmin ...

CVSS2: 6.5

EPSS: Низкий

CVE-2013-3239

около 12 лет назад

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

CVSS2: 4.6

EPSS: Средний

CVE-2013-3239

около 12 лет назад

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...

CVSS2: 4.6

EPSS: Средний

CVE-2013-3238

около 12 лет назад

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.

CVSS2: 6

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2013-3742 Cross-site scripting (XSS) vulnerability in view_create.php (aka the C ...	CVSS2: 3.5	0% Низкий	почти 12 лет назад
CVE-2013-4729 import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.	CVSS2: 5.5	0% Низкий	почти 12 лет назад
CVE-2013-3742 Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.	CVSS2: 3.5	0% Низкий	почти 12 лет назад
CVE-2013-3241 export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.	CVSS2: 4	5% Низкий	около 12 лет назад
CVE-2013-3241 export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...	CVSS2: 4	5% Низкий	около 12 лет назад
CVE-2013-3240 Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.	CVSS2: 6.5	4% Низкий	около 12 лет назад
CVE-2013-3240 Directory traversal vulnerability in the Export feature in phpMyAdmin ...	CVSS2: 6.5	4% Низкий	около 12 лет назад
CVE-2013-3239 phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.	CVSS2: 4.6	16% Средний	около 12 лет назад
CVE-2013-3239 phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...	CVSS2: 4.6	16% Средний	около 12 лет назад
CVE-2013-3238 phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.	CVSS2: 6	58% Средний	около 12 лет назад

Уязвимостей на страницу