Количество 1 095
Количество 1 095
GHSA-gcf3-96cg-hh53
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
GHSA-g89x-ccw9-3vqf
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
GHSA-g564-g9wm-3q4m
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
GHSA-g53j-j47f-88h7
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
GHSA-g39j-4qc9-5rh4
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
GHSA-fw5c-3235-cprv
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
GHSA-frxq-rqm9-ppcr
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.
GHSA-frv8-xjcp-hrm2
phpMyAdmin Cross-site Scripting vulnerability
GHSA-fmmw-6q24-3wqx
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.
GHSA-fm9c-6g88-w6vp
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
GHSA-fgj8-93xx-f6g6
phpMyAdmin SQL injection in user accounts page
GHSA-fffr-hwf6-2q7v
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
GHSA-fcqp-fp43-h6gm
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
GHSA-fcgm-62p3-f7cm
phpMyAdmin Local file exposure
GHSA-fc5f-944q-53rg
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
GHSA-f9hx-5jq4-fgjm
phpMyAdmin CSRF Vulnerability
GHSA-f8wg-85r4-g3g3
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
GHSA-f8gp-vg7w-rp8x
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
GHSA-f766-fjw3-vvfv
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
GHSA-f732-fxh6-g4qj
phpMyAdmin SQL injection in Designer feature
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-gcf3-96cg-hh53 Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. | 1% Низкий | почти 4 года назад | |
| GHSA-g89x-ccw9-3vqf phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | 3% Низкий | почти 4 года назад | |
| GHSA-g564-g9wm-3q4m phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | CVSS3: 5.3 | 1% Низкий | больше 3 лет назад |
| GHSA-g53j-j47f-88h7 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | 1% Низкий | почти 4 года назад | |
| GHSA-g39j-4qc9-5rh4 phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | 88% Высокий | больше 3 лет назад | |
| GHSA-fw5c-3235-cprv Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | CVSS3: 9.8 | 93% Критический | почти 4 года назад |
| GHSA-frxq-rqm9-ppcr phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. | 0% Низкий | больше 3 лет назад | |
| GHSA-frv8-xjcp-hrm2 phpMyAdmin Cross-site Scripting vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-fmmw-6q24-3wqx libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. | 2% Низкий | больше 3 лет назад | |
| GHSA-fm9c-6g88-w6vp Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. | 1% Низкий | почти 4 года назад | |
| GHSA-fgj8-93xx-f6g6 phpMyAdmin SQL injection in user accounts page | CVSS3: 8.8 | 23% Средний | больше 3 лет назад |
| GHSA-fffr-hwf6-2q7v Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
| GHSA-fcqp-fp43-h6gm Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-fcgm-62p3-f7cm phpMyAdmin Local file exposure | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-fc5f-944q-53rg phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. | CVSS3: 5.3 | 1% Низкий | больше 3 лет назад |
| GHSA-f9hx-5jq4-fgjm phpMyAdmin CSRF Vulnerability | CVSS3: 8.8 | 6% Низкий | больше 3 лет назад |
| GHSA-f8wg-85r4-g3g3 Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-f8gp-vg7w-rp8x Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-f766-fjw3-vvfv Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. | 13% Средний | почти 4 года назад | |
| GHSA-f732-fxh6-g4qj phpMyAdmin SQL injection in Designer feature | CVSS3: 9.8 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу