Count: 1,093
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-j6cp-32xj-xr29 phpMyAdmin through 5.0.2 allows CSV injection via Export Section | | 0% Low | about 3 years ago
GHSA-j43g-fq6v-2f6j Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | | 1% Low | more than 3 years ago
GHSA-j2wm-vcg8-rf5v An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | CVSS3: 5.3 | 0% Low | about 3 years ago
GHSA-j2jx-6pcj-jfpf phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. | | 2% Low | about 3 years ago
GHSA-j2cq-h6v2-f875 phpMyAdmin Cookie attribute injection attack | CVSS3: 7.5 | 0% Low | about 3 years ago
GHSA-hwj9-6xq5-j7qj An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | CVSS3: 5.3 | 1% Low | about 3 years ago
GHSA-hvw8-56v7-x24q Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | | 4% Low | about 3 years ago
GHSA-hq77-gw5q-x5p4 Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | | 1% Low | more than 3 years ago
GHSA-hmmx-wxh4-9w8w phpMyAdmin XSS Vulnerability | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-hc8v-m2rw-4fc4 libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | CVSS3: 5.3 | 1% Low | about 3 years ago
GHSA-gv8h-mg99-wgj9 An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | CVSS3: 5.4 | 0% Low | about 3 years ago
GHSA-grjf-44jw-phc3 XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | CVSS3: 6.1 | 1% Low | about 3 years ago
GHSA-gqxw-w7hq-j9fr The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | | 2% Low | more than 3 years ago
GHSA-gqmj-f46x-wqhw phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature | CVSS3: 5.4 | 0% Low | about 3 years ago
GHSA-gmc7-jvv7-w245 phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information | | 1% Low | about 3 years ago
GHSA-gj5v-2g4g-3xxm Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | | 2% Low | more than 3 years ago
GHSA-ghr7-5368-f73m Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | | 0% Low | about 3 years ago
GHSA-ggm5-jxm9-g55m Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | | 2% Low | more than 3 years ago
GHSA-gg36-9346-9qx9 phpMyAdmin Remote Code Execution | CVSS3: 8.5 | 12% Medium | about 3 years ago
GHSA-gcvp-cwgw-wx8j phpMyAdmin XSS Vulnerability | CVSS3: 6.1 | 0% Low | about 3 years ago