phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

Релизный цикл, информация об уязвимостях

Продукт: phpMyAdmin

Вендор: phpmyadmin

График релизов

Недавние уязвимости phpMyAdmin

Количество 1 092

CVE-2010-3056

почти 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

CVSS2: 4.3

EPSS: Низкий

CVE-2009-4605

больше 15 лет назад

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

CVSS2: 5

EPSS: Низкий

CVE-2009-4605

больше 15 лет назад

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2 ...

CVSS2: 5

EPSS: Низкий

CVE-2008-7252

больше 15 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

CVSS2: 10

EPSS: Низкий

CVE-2008-7252

больше 15 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses pred ...

CVSS2: 10

EPSS: Низкий

CVE-2008-7251

больше 15 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

CVSS2: 10

EPSS: Низкий

CVE-2008-7251

больше 15 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...

CVSS2: 10

EPSS: Низкий

CVE-2008-7251

больше 15 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

CVSS2: 10

EPSS: Низкий

CVE-2008-7252

больше 15 лет назад

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

CVSS2: 10

EPSS: Низкий

CVE-2009-4605

больше 15 лет назад

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2010-3056 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.	CVSS2: 4.3	1% Низкий	почти 15 лет назад
CVE-2009-4605 scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.	CVSS2: 5	0% Низкий	больше 15 лет назад
CVE-2009-4605 scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2 ...	CVSS2: 5	0% Низкий	больше 15 лет назад
CVE-2008-7252 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.	CVSS2: 10	3% Низкий	больше 15 лет назад
CVE-2008-7252 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses pred ...	CVSS2: 10	3% Низкий	больше 15 лет назад
CVE-2008-7251 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.	CVSS2: 10	2% Низкий	больше 15 лет назад
CVE-2008-7251 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...	CVSS2: 10	2% Низкий	больше 15 лет назад
CVE-2008-7251 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.	CVSS2: 10	2% Низкий	больше 15 лет назад
CVE-2008-7252 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.	CVSS2: 10	3% Низкий	больше 15 лет назад
CVE-2009-4605 scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.	CVSS2: 5	0% Низкий	больше 15 лет назад

Уязвимостей на страницу