Skip to main content

Phpmyadmin

159 CVEs product

Monthly

CVE-2016-5706 PHP HIGH PATCH This Week

js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Phpmyadmin Leap Opensuse
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-5705 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-5704 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5703 CRITICAL PATCH Act Now

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Leap Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-5702 PHP LOW PATCH Monitor

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Code Injection Phpmyadmin
NVD GitHub
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-5701 PHP MEDIUM PATCH This Month

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Code Injection Phpmyadmin Leap Opensuse
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-2562 PHP MEDIUM PATCH This Month

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-2561 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-2560 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-2559 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2045 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyadmin Fedora
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2044 MEDIUM PATCH This Month

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Fedora Phpmyadmin
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-2043 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Fedora Leap Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-2042 MEDIUM PATCH This Month

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Leap Opensuse Fedora +1
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-2041 PHP HIGH PATCH This Week

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Fedora Phpmyadmin Leap +1
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-2040 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Fedora Leap Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-2039 MEDIUM PATCH This Month

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF PHP Information Disclosure Leap Opensuse +2
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-2038 MEDIUM PATCH This Month

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin Fedora Leap Opensuse
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2016-1927 PHP HIGH PATCH This Week

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2015-8669 MEDIUM This Month

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 3.0
5.3
EPSS
0.5%
CVE-2015-7873 PHP MEDIUM PATCH This Month

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-6830 PHP MEDIUM POC PATCH THREAT This Month

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

PHP Information Disclosure Phpmyadmin
NVD GitHub Exploit-DB
CVSS 2.0
5.0
EPSS
21.2%
CVE-2015-3903 MEDIUM POC PATCH This Month

libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
1.2%
CVE-2015-3902 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Phpmyadmin
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-2206 MEDIUM This Month

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Information Disclosure Fedora Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9219 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-9218 MEDIUM POC PATCH THREAT This Month

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service PHP Phpmyadmin
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-8961 MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
4.0
EPSS
1.4%
CVE-2014-8960 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8959 MEDIUM POC PATCH This Month

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
6.5
EPSS
2.8%
CVE-2014-8958 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-6300 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS CSRF Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8326 PHP LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-7217 PHP LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-5274 PHP LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-5273 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-4987 MEDIUM This Month

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4986 PHP LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4955 LOW Monitor

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4954 LOW Monitor

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4349 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-4348 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-1879 LOW Monitor

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5029 MEDIUM POC PATCH This Month

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
1.7%
CVE-2013-5003 MEDIUM This Month

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Phpmyadmin
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-5002 PHP LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

PHP XSS Phpmyadmin
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5001 LOW Monitor

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Phpmyadmin
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5000 MEDIUM This Month

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4999 MEDIUM This Month

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4998 MEDIUM This Month

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4997 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Phpmyadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4996 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmyadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4995 LOW Monitor

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmyadmin
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4729 PHP MEDIUM POC PATCH This Month

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Phpmyadmin
NVD GitHub
CVSS 2.0
5.5
EPSS
0.4%
CVE-2013-3742 LOW Monitor

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3241 MEDIUM POC This Month

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection Phpmyadmin
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
3.4%
CVE-2013-3240 MEDIUM POC This Month

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Phpmyadmin
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.1%
CVE-2013-3239 PHP MEDIUM POC PATCH THREAT This Month

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.3%.

PHP Code Injection Apache RCE Phpmyadmin
NVD GitHub Exploit-DB
CVSS 2.0
4.6
EPSS
12.3%
CVE-2013-3238 MEDIUM POC THREAT This Month

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%.

RCE Phpmyadmin
NVD Exploit-DB GitHub
CVSS 2.0
6.0
EPSS
64.6%
Threat
4.6
CVE-2013-1937 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpmyadmin
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
8.8%
CVE-2012-5469 HIGH POC This Week

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Phpmyadmin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.8%
CVE-2012-5368 PHP MEDIUM PATCH This Month

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5339 PHP LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-5159 HIGH POC THREAT Act Now

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.9%.

PHP Code Injection RCE Phpmyadmin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
87.9%
Threat
5.6
CVE-2012-4579 PHP LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-4345 PHP LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-4219 MEDIUM POC PATCH This Month

show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-1190 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-1902 MEDIUM PATCH This Month

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
EPSS 3% CVSS 7.5
HIGH PATCH This Week

js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Phpmyadmin +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Leap +2
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Code Injection Phpmyadmin
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Code Injection Phpmyadmin +2
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Phpmyadmin
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyadmin Fedora
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Fedora +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Fedora Leap +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Leap +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Fedora +3
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Fedora Leap +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF PHP Information Disclosure +4
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Phpmyadmin Fedora +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyadmin
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Phpmyadmin
NVD GitHub
EPSS 21% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

PHP Information Disclosure Phpmyadmin
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Information Disclosure Phpmyadmin
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Phpmyadmin
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 15% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service PHP Phpmyadmin
NVD Exploit-DB GitHub
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Opensuse +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS CSRF Opensuse +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin Opensuse
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Opensuse +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Phpmyadmin
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Opensuse +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Phpmyadmin
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

PHP XSS Phpmyadmin
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Phpmyadmin
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Phpmyadmin
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmyadmin
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmyadmin
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Phpmyadmin
NVD GitHub
EPSS 3% CVSS 4.0
MEDIUM POC This Month

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection Phpmyadmin
NVD Exploit-DB
EPSS 4% CVSS 6.5
MEDIUM POC This Month

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Phpmyadmin
NVD Exploit-DB
EPSS 12% CVSS 4.6
MEDIUM POC PATCH THREAT This Month

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.3%.

PHP Code Injection Apache +2
NVD GitHub Exploit-DB
EPSS 65% 4.6 CVSS 6.0
MEDIUM POC THREAT This Month

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%.

RCE Phpmyadmin
NVD Exploit-DB GitHub
EPSS 9% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpmyadmin
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.5
HIGH POC This Week

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Phpmyadmin
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
EPSS 88% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.9%.

PHP Code Injection RCE +1
NVD Exploit-DB
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Phpmyadmin
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Phpmyadmin
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy