phpMyAdmin is an open-source web application written in PHP that provides a web interface for administering the MySQL DBMS.
Release cycle, vulnerability information
Release schedule
Count: 1 095
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-xqw9-ffx7-g998 phpMyAdmin cookie-attribute injection | CVSS3: 3.7 | 0% Low | more than 3 years ago |
| GHSA-jfmj-27fp-qp67 phpMyAdmin Cross-site Scripting (XSS) | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-94c8-rc5m-5x39 An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 8.1 | 0% Low | more than 3 years ago |
| GHSA-qc6p-fjq3-q3x8 A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-mhxj-6vf8-mwv3 phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention | CVSS3: 5.9 | 0% Low | more than 3 years ago |
| GHSA-6j2v-g9rg-qcm5 phpMyAdmin Local file exposure through symlinks with UploadDir | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-fcgm-62p3-f7cm phpMyAdmin Local file exposure | CVSS3: 6.5 | 0% Low | more than 3 years ago |
| GHSA-2mcj-3r3r-v5wm phpMyAdmin DoS Vulnerability | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| GHSA-w93p-25g8-q8w9 An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. | CVSS3: 8.1 | 0% Low | more than 3 years ago |
| GHSA-r643-7xfg-ppc5 phpMyAdmin allows to detect if user is logged in | CVSS3: 4.3 | 0% Low | more than 3 years ago |