Skip to main content
CVE-2016-2041 HIGH PATCH This Week

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Fedora Phpmyadmin Leap +1
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-1927 HIGH PATCH This Week

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2038 MEDIUM PATCH This Month

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin Fedora Leap Opensuse
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2016-2040 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Fedora Leap Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-2043 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Fedora Leap Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-2045 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyadmin Fedora
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2042 MEDIUM PATCH This Month

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Leap Opensuse Fedora +1
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-2044 MEDIUM PATCH This Month

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Fedora Phpmyadmin
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-2039 MEDIUM PATCH This Month

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF PHP Information Disclosure Leap Opensuse +2
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy