Логотип exploitDog
product: "phpmyadmin"
Консоль
Логотип exploitDog

exploitDog

product: "phpmyadmin"

Количество 1 093

Количество 1 093

github логотип

GHSA-9ggj-rc46-h95f

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

EPSS: Низкий
github логотип

GHSA-9cxr-7vrj-vpj8

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

EPSS: Средний
github логотип

GHSA-99xj-xqc9-98hr

около 3 лет назад

phpMyAdmin SSRF in replication

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-97x5-mp4j-qrgq

около 3 лет назад

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-97pg-mf6p-74fr

больше 3 лет назад

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.

EPSS: Низкий
github логотип

GHSA-97fm-cg55-639q

около 3 лет назад

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-96fj-xvfq-8rxm

около 3 лет назад

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

EPSS: Низкий
github логотип

GHSA-9645-6g72-2pv8

около 3 лет назад

phpMyAdmin unsafely handles temporary files

EPSS: Низкий
github логотип

GHSA-95j2-g4qr-3jj6

больше 3 лет назад

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.

EPSS: Низкий
github логотип

GHSA-95g8-x9vg-h9h4

больше 3 лет назад

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

EPSS: Низкий
github логотип

GHSA-94c8-rc5m-5x39

около 3 лет назад

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-8wqv-f9xx-xf24

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

EPSS: Средний
github логотип

GHSA-8wf2-3ggj-78q9

больше 3 лет назад

Improper Authentication in phpmyadmin

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-8w5f-7346-5p5m

около 3 лет назад

An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-8vv2-p6c9-46c2

около 3 лет назад

show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.

EPSS: Низкий
github логотип

GHSA-8pvh-2357-g3c2

около 3 лет назад

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-8m97-xc46-rw9w

около 3 лет назад

phpMyAdmin Unsafe comparison of XSRF/CSRF token

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-8m58-pwg7-52c3

около 3 лет назад

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable."

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-8hf4-h9w2-2g7p

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

EPSS: Низкий
github логотип

GHSA-8c4c-pxpc-3vv4

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-9ggj-rc46-h95f

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

9%
Низкий
больше 3 лет назад
github логотип
GHSA-9cxr-7vrj-vpj8

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

11%
Средний
больше 3 лет назад
github логотип
GHSA-99xj-xqc9-98hr

phpMyAdmin SSRF in replication

CVSS3: 8.8
1%
Низкий
около 3 лет назад
github логотип
GHSA-97x5-mp4j-qrgq

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

CVSS3: 6.1
0%
Низкий
около 3 лет назад
github логотип
GHSA-97pg-mf6p-74fr

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-97fm-cg55-639q

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 6.8
1%
Низкий
около 3 лет назад
github логотип
GHSA-96fj-xvfq-8rxm

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

4%
Низкий
около 3 лет назад
github логотип
GHSA-9645-6g72-2pv8

phpMyAdmin unsafely handles temporary files

3%
Низкий
около 3 лет назад
github логотип
GHSA-95j2-g4qr-3jj6

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-95g8-x9vg-h9h4

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-94c8-rc5m-5x39

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 8.1
0%
Низкий
около 3 лет назад
github логотип
GHSA-8wqv-f9xx-xf24

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

10%
Средний
больше 3 лет назад
github логотип
GHSA-8wf2-3ggj-78q9

Improper Authentication in phpmyadmin

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-8w5f-7346-5p5m

An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 6.5
1%
Низкий
около 3 лет назад
github логотип
GHSA-8vv2-p6c9-46c2

show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.

0%
Низкий
около 3 лет назад
github логотип
GHSA-8pvh-2357-g3c2

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS3: 8.1
0%
Низкий
около 3 лет назад
github логотип
GHSA-8m97-xc46-rw9w

phpMyAdmin Unsafe comparison of XSRF/CSRF token

CVSS3: 7.5
1%
Низкий
около 3 лет назад
github логотип
GHSA-8m58-pwg7-52c3

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable."

CVSS3: 6.1
8%
Низкий
около 3 лет назад
github логотип
GHSA-8hf4-h9w2-2g7p

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

1%
Низкий
около 3 лет назад
github логотип
GHSA-8c4c-pxpc-3vv4

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

1%
Низкий
больше 3 лет назад

Уязвимостей на страницу