Count: 1 093
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-q7pr-6mgq-3m32 export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. |  | 3% Low | about 3 years ago |
GHSA-q6vw-39cg-wjjf phpMyAdmin Directory Traversal vulnerability |  | 11% Medium | about 3 years ago |
GHSA-q64c-8ph3-645m Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. |  | 1% Low | about 3 years ago |
GHSA-q586-xpwr-jc3j phpMyAdmin cross-site scripting vulnerability in crafted view name |  | 0% Low | about 3 years ago |
GHSA-q4mm-89q2-xffg phpMyAdmin vulnerable to XML external entity (XXE) injection attack | CVSS3: 6.5 | 12% Medium | about 3 years ago |
GHSA-q22m-2g7f-xqm5 libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. |  | 2% Low | about 3 years ago |
GHSA-pw34-qf6c-84fc phpMyAdmin XSS Vulnerability | CVSS3: 5.4 | 1% Low | about 3 years ago |
GHSA-pvr5-84gr-g985 phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page |  | 0% Low | about 3 years ago |
GHSA-pvp5-3q7r-jxp6 server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. |  | 0% Low | about 3 years ago |
GHSA-prcg-mc23-hgjh phpmyadmin contains SQL Injection vulnerability | CVSS3: 9.8 | 3% Low | more than 2 years ago |
GHSA-pqrf-8j6q-rpq5 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | CVSS3: 5.3 | 1% Low | about 3 years ago |
GHSA-pm5m-9h5r-xcrg phpMyAdmin extension for TYPO3 has Cross-site Scripting vulnerability |  | 0% Low | more than 3 years ago |
GHSA-phhm-63xx-v9rr phpMyAdmin Reflected File Download attack | CVSS3: 6.3 | 0% Low | about 3 years ago |
GHSA-pgqx-hcp9-24pq Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. |  | 1% Low | more than 3 years ago |
GHSA-pgph-mc4p-f8c3 phpMyAdmin unsanitized Git information | CVSS3: 9.8 | 1% Low | about 3 years ago |
GHSA-pg96-vwx3-63fm phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. |  | 0% Low | more than 3 years ago |
GHSA-pfxq-3wfw-4c7m Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable. |  | 0% Low | more than 3 years ago |
GHSA-pfw8-43jj-c4g3 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. |  | 1% Low | more than 3 years ago |
GHSA-p849-vf5f-f3x7 phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension | CVSS3: 8.1 | 2% Low | about 3 years ago |
GHSA-p842-vv7g-4q9v phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. |  | 1% Low | more than 3 years ago |