phpMyAdmin — веб-приложение с открытым кодом, написанное на языке PHP и представляющее собой веб-интерфейс для администрирования СУБД MySQL.

Релизный цикл, информация об уязвимостях

Продукт: phpMyAdmin

Вендор: phpmyadmin

График релизов

Недавние уязвимости phpMyAdmin

Количество 1 095

CVE-2006-6374

около 19 лет назад

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...

CVSS2: 7.5

EPSS: Низкий

CVE-2006-6373

около 19 лет назад

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

CVSS2: 5

EPSS: Низкий

CVE-2006-6374

около 19 лет назад

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.

CVSS2: 7.5

EPSS: Низкий

CVE-2006-5718

около 19 лет назад

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.

CVSS2: 4.3

EPSS: Низкий

CVE-2006-5718

около 19 лет назад

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...

CVSS2: 4.3

EPSS: Низкий

CVE-2006-5718

около 19 лет назад

CVSS2: 4.3

EPSS: Низкий

CVE-2006-5116

около 19 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.

CVSS2: 5.1

EPSS: Низкий

CVE-2006-5117

около 19 лет назад

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

CVSS2: 5

EPSS: Низкий

CVE-2006-5116

около 19 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdm ...

CVSS2: 5.1

EPSS: Низкий

CVE-2006-5117

около 19 лет назад

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web do ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2006-6374 Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...	CVSS2: 7.5	1% Низкий	около 19 лет назад
CVE-2006-6373 PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.	CVSS2: 5	0% Низкий	около 19 лет назад
CVE-2006-6374 Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.	CVSS2: 7.5	1% Низкий	около 19 лет назад
CVE-2006-5718 Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.	CVSS2: 4.3	1% Низкий	около 19 лет назад
CVE-2006-5718 Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...	CVSS2: 4.3	1% Низкий	около 19 лет назад
CVE-2006-5718 Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.	CVSS2: 4.3	1% Низкий	около 19 лет назад
CVE-2006-5116 Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.	CVSS2: 5.1	4% Низкий	около 19 лет назад
CVE-2006-5117 phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.	CVSS2: 5	0% Низкий	около 19 лет назад
CVE-2006-5116 Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdm ...	CVSS2: 5.1	4% Низкий	около 19 лет назад
CVE-2006-5117 phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web do ...	CVSS2: 5	0% Низкий	около 19 лет назад

Уязвимостей на страницу