Количество 1 095
Количество 1 095
GHSA-8987-93fh-rcwq
phpMyAdmin Cross-site Scripting (XSS) vulnerability
GHSA-7wx4-pm9p-2c7w
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
GHSA-7rqv-2fvv-3pcq
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.
GHSA-7rf8-9r8f-qf59
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser
GHSA-7g9j-m92v-995c
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
GHSA-7f3j-w8q6-49h4
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
GHSA-795w-6gcg-9r8x
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
GHSA-782v-4ghj-5xm3
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.
GHSA-75vh-37rf-cpgj
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
GHSA-756j-8p5m-2p7m
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
GHSA-72c5-c55w-559j
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
GHSA-6x9q-9h2v-cmc6
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
GHSA-6wfj-2mw7-p5cg
phpMyAdmin micro history Implementation XSS Vulnerability
GHSA-6rjg-fx3r-69qh
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
GHSA-6q2j-8h8q-46mr
phpMyAdmin vulnerable to Cross-site Scripting
GHSA-6m6g-jfj8-2gh7
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
GHSA-6j2v-g9rg-qcm5
phpMyAdmin Local file exposure through symlinks with UploadDir
GHSA-6hr3-44gx-g6wh
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
GHSA-6cqw-hv35-68q6
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
GHSA-6c72-xp63-q5vp
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-8987-93fh-rcwq phpMyAdmin Cross-site Scripting (XSS) vulnerability | CVSS3: 6.1 | 2% Низкий | больше 3 лет назад |
| GHSA-7wx4-pm9p-2c7w Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | 1% Низкий | почти 4 года назад | |
| GHSA-7rqv-2fvv-3pcq An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
| GHSA-7rf8-9r8f-qf59 phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-7g9j-m92v-995c Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. | 1% Низкий | почти 4 года назад | |
| GHSA-7f3j-w8q6-49h4 Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | 1% Низкий | почти 4 года назад | |
| GHSA-795w-6gcg-9r8x Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | 0% Низкий | почти 4 года назад | |
| GHSA-782v-4ghj-5xm3 Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | 4% Низкий | почти 4 года назад | |
| GHSA-75vh-37rf-cpgj phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | CVSS3: 5.3 | 1% Низкий | больше 3 лет назад |
| GHSA-756j-8p5m-2p7m libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. | 17% Средний | больше 3 лет назад | |
| GHSA-72c5-c55w-559j phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | 1% Низкий | почти 4 года назад | |
| GHSA-6x9q-9h2v-cmc6 SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. | 3% Низкий | почти 4 года назад | |
| GHSA-6wfj-2mw7-p5cg phpMyAdmin micro history Implementation XSS Vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-6rjg-fx3r-69qh phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | 0% Низкий | почти 4 года назад | |
| GHSA-6q2j-8h8q-46mr phpMyAdmin vulnerable to Cross-site Scripting | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
| GHSA-6m6g-jfj8-2gh7 Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. | 0% Низкий | больше 3 лет назад | |
| GHSA-6j2v-g9rg-qcm5 phpMyAdmin Local file exposure through symlinks with UploadDir | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-6hr3-44gx-g6wh Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin | CVSS3: 5.4 | 8% Низкий | почти 3 года назад |
| GHSA-6cqw-hv35-68q6 phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | 65% Средний | больше 3 лет назад | |
| GHSA-6c72-xp63-q5vp Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу