Skip to main content

Phpmyadmin

159 CVEs product

Monthly

CVE-2023-25727 PHP MEDIUM PATCH This Month

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-22452 PHP CRITICAL POC PATCH Act Now

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Phpmyadmin
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-0813 PHP HIGH PATCH This Week

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpmyadmin
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-22278 HIGH POC This Week

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phpmyadmin
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26935 PHP CRITICAL POC PATCH THREAT Act Now

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Backports Sle Leap Fedora +1
NVD
CVSS 3.1
9.8
EPSS
67.1%
CVE-2020-26934 PHP MEDIUM PATCH This Month

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Backports Sle Leap Fedora +1
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-11441 MEDIUM POC This Month

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phpmyadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-10803 PHP MEDIUM PATCH This Month

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi PHP Phpmyadmin Debian Linux +4
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-10802 PHP HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Phpmyadmin Debian Linux Fedora +3
NVD
CVSS 3.1
8.0
EPSS
2.1%
CVE-2020-10804 PHP HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phpmyadmin Fedora Backports Sle +2
NVD
CVSS 3.1
8.0
EPSS
2.7%
CVE-2020-5504 PHP HIGH POC PATCH THREAT This Week

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Suse Linux Enterprise Server Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
38.8%
CVE-2019-19617 PHP CRITICAL PATCH Act Now

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Phpmyadmin Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-18622 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-12922 PHP MEDIUM POC PATCH THREAT This Month

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Phpmyadmin Fedora
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
10.2%
CVE-2019-12616 PHP MEDIUM POC PATCH THREAT This Month

An issue was discovered in phpMyAdmin before 4.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
19.2%
CVE-2019-11768 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-6799 PHP MEDIUM POC PATCH THREAT This Month

An issue was discovered in phpMyAdmin before 4.8.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Phpmyadmin Debian Linux
NVD
CVSS 3.0
5.9
EPSS
15.4%
CVE-2019-6798 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-19970 PHP MEDIUM PATCH This Month

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Debian Linux
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-19969 PHP HIGH PATCH This Week

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-19968 PHP MEDIUM PATCH This Month

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.3%
CVE-2018-15605 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin before 4.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-12613 PHP HIGH POC PATCH THREAT Act Now

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Phpmyadmin
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
98.5%
CVE-2018-12581 PHP MEDIUM PATCH This Month

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-10188 PHP HIGH POC PATCH This Week

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpmyadmin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-7260 PHP MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
1.6%
CVE-2017-1000018 PHP HIGH PATCH This Week

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-1000017 PHP HIGH PATCH This Week

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1000016 PHP HIGH PATCH This Week

A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000015 PHP MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-1000014 PHP HIGH PATCH This Week

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-1000013 PHP MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6621 PHP HIGH PATCH This Week

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Phpmyadmin
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-9866 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-9865 CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-9864 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-9863 PHP HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9862 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-9861 PHP HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-9860 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Phpmyadmin
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2016-9859 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-9858 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-9857 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-9856 PHP MEDIUM PATCH This Month

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-9855 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2016-9854 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-9853 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2016-9852 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-9851 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9850 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-9849 CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-9848 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9847 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-6633 PHP HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Phpmyadmin
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2016-6632 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2016-6631 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection RCE Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2016-6630 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-6629 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-6628 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-6627 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-6626 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-6625 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-6624 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-6623 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-6622 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2016-6620 CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE PHP Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-6619 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-6618 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-6617 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-6616 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6615 MEDIUM PATCH This Month

XSS issues were discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6614 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Phpmyadmin
NVD
CVSS 3.0
6.8
EPSS
1.1%
CVE-2016-6613 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-6612 PHP MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-6611 HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-6610 MEDIUM PATCH This Month

A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
4.3
EPSS
0.4%
CVE-2016-6609 PHP HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection PHP Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-6608 PHP MEDIUM PATCH This Month

XSS issues were discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6607 MEDIUM PATCH This Month

XSS issues were discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6606 HIGH PATCH This Week

An issue was discovered in cookie encryption in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Phpmyadmin
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-4412 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Information Disclosure Phpmyadmin
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2016-5099 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin Opensuse
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-5098 MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-5097 MEDIUM PATCH This Month

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-5739 PHP HIGH PATCH This Week

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF PHP Information Disclosure Leap Opensuse +1
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-5734 PHP CRITICAL POC PATCH THREAT Act Now

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

RCE PHP Code Injection Phpmyadmin
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
87.0%
Threat
6.1
CVE-2016-5733 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin Leap Opensuse
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2016-5732 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5731 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpmyadmin Leap Opensuse
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-5730 PHP MEDIUM PATCH This Month

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin Leap Opensuse
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Phpmyadmin
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpmyadmin
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phpmyadmin
NVD
EPSS 67% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Backports Sle +3
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Backports Sle +3
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phpmyadmin
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi PHP +6
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Phpmyadmin +5
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phpmyadmin +4
NVD
EPSS 39% CVSS 8.8
HIGH POC PATCH THREAT This Week

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Suse Linux Enterprise Server +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Phpmyadmin +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle +2
NVD
EPSS 10% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Phpmyadmin Fedora
NVD GitHub Exploit-DB
EPSS 19% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

An issue was discovered in phpMyAdmin before 4.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
EPSS 15% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

An issue was discovered in phpMyAdmin before 4.8.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Phpmyadmin +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Phpmyadmin
NVD
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Debian Linux
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin Debian Linux
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin before 4.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD GitHub
EPSS 98% CVSS 8.8
HIGH POC PATCH THREAT Act Now

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Phpmyadmin
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpmyadmin
NVD Exploit-DB
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Phpmyadmin
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Phpmyadmin
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Phpmyadmin
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Phpmyadmin
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phpmyadmin
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Phpmyadmin
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phpmyadmin
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Phpmyadmin
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Phpmyadmin
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Phpmyadmin
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection RCE Phpmyadmin
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Phpmyadmin
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Phpmyadmin
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE PHP +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

XSS issues were discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Phpmyadmin
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in phpMyAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection PHP Phpmyadmin
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

XSS issues were discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

XSS issues were discovered in phpMyAdmin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

An issue was discovered in cookie encryption in phpMyAdmin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Phpmyadmin
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin Opensuse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Opensuse Phpmyadmin
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF PHP Information Disclosure +3
NVD GitHub
EPSS 87% 6.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

RCE PHP Code Injection +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin Leap +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpmyadmin +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin +2
NVD GitHub
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy