phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 092
CVE-2012-5368
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained th ...
CVE-2012-5339
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
CVE-2012-5339
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...
CVE-2012-5339
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
CVE-2012-5368
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
CVE-2012-5159
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2012-5159
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror durin ...
CVE-2012-5159
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2012-4579
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.
CVE-2012-4579
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2012-5368 phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained th ... | CVSS2: 4.3 | 0% Низкий | больше 12 лет назад |
 | CVE-2012-5339 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | CVSS2: 3.5 | 0% Низкий | больше 12 лет назад |
| CVE-2012-5339 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ... | CVSS2: 3.5 | 0% Низкий | больше 12 лет назад |
 | CVE-2012-5339 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. | CVSS2: 3.5 | 0% Низкий | больше 12 лет назад |
| CVE-2012-5368 phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. | CVSS2: 4.3 | 0% Низкий | больше 12 лет назад |
| CVE-2012-5159 phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | CVSS2: 7.5 | 88% Высокий | почти 13 лет назад |
| CVE-2012-5159 phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror durin ... | CVSS2: 7.5 | 88% Высокий | почти 13 лет назад |
| CVE-2012-5159 phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | CVSS2: 7.5 | 88% Высокий | почти 13 лет назад |
| CVE-2012-4579 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | CVSS2: 3.5 | 0% Низкий | почти 13 лет назад |
| CVE-2012-4579 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ... | CVSS2: 3.5 | 0% Низкий | почти 13 лет назад |
Уязвимостей на страницу