![](/assets/img/cve_300x82_sin_bg.png)
CVE-2025-24529
https://notcve.org/view.php?id=CVE-2025-24529
23 Jan 2025 — An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. • https://www.phpmyadmin.net/security/PMASA-2025-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2025-24530
https://notcve.org/view.php?id=CVE-2025-24530
23 Jan 2025 — An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. • https://www.phpmyadmin.net/security/PMASA-2025-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-25727
https://notcve.org/view.php?id=CVE-2023-25727
13 Feb 2023 — In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. • https://www.phpmyadmin.net/security/PMASA-2023-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22452
https://notcve.org/view.php?id=CVE-2020-22452
26 Jan 2023 — SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. • http://phpmyadmin.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-0813 – PhpMyAdmin exposure of sensitive information
https://notcve.org/view.php?id=CVE-2022-0813
09 Mar 2022 — PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial... • https://security.gentoo.org/glsa/202311-17 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-23807 – Gentoo Linux Security Advisory 202311-17
https://notcve.org/view.php?id=CVE-2022-23807
22 Jan 2022 — An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. Multiple vulnera... • https://security.gentoo.org/glsa/202311-17 • CWE-287: Improper Authentication •
CVE-2022-23808 – Gentoo Linux Security Advisory 202311-17
https://notcve.org/view.php?id=CVE-2022-23808
22 Jan 2022 — An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater th... • https://github.com/dipakpanchal05/CVE-2022-23808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22278
https://notcve.org/view.php?id=CVE-2020-22278
04 Nov 2020 — phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents." • https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22278.pdf • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2020-26934 – Gentoo Linux Security Advisory 202101-35
https://notcve.org/view.php?id=CVE-2020-26934
10 Oct 2020 — phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. It wa... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-26935 – Gentoo Linux Security Advisory 202101-35
https://notcve.org/view.php?id=CVE-2020-26935
10 Oct 2020 — An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •