
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

31 Mar 2020 — ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." • https://github.com/phpmyadmin/phpmyadmin/issues/16056 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
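Because the vendor disputes this entry on exploitability, the check a tester actually wants is where the CRLF sequence ends up: in a response header (the attacker can terminate a header and append their own, i.e. response splitting) or only in the HTML body (a plain reflection, not a header-injection issue by itself). The helper below is an added example, not phpMyAdmin code or anything from the linked issue; the probe token `zzqcrlf`, the `split_response` and `classify_crlf_reflection` names and the three sample responses are all constructed for illustration.

```python
"""Triage helper for a CRLF-reflection report (added example, not phpMyAdmin code).

Decides whether an injected CR LF survived into the HTTP response headers
(header injection / response splitting) or was merely echoed in the body.
All sample responses below are constructed.
"""

MARKER = "zzqcrlf"  # constructed probe token; the request would carry %0D%0Azzqcrlf%0D%0A


def split_response(raw: bytes):
    """Return (status_line, header_lines, body) for a raw HTTP/1.x response."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no CRLF CRLF header terminator in response")
    lines = head.split(b"\r\n")
    return lines[0].decode("latin-1"), [l.decode("latin-1") for l in lines[1:]], body


def classify_crlf_reflection(raw: bytes, marker: str = MARKER) -> str:
    """Classify how the probe token came back.

    'header-injection': a header *line* begins with the marker, i.e. the injected
        CR LF terminated the previous header and our text became a header of its own.
    'body-reflection':  the marker is present only in the body.
    'none':             the marker is absent, or sits inside a header value with the
        CR LF stripped, which means the server sanitized it before emitting the header.
    """
    _status, headers, body = split_response(raw)
    if any(h.startswith(marker) for h in headers):
        return "header-injection"
    if marker.encode("latin-1") in body:
        return "body-reflection"
    return "none"


# Constructed sample responses (not captured from any real server).
HEADER_INJECTED = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /index.php?target=\r\n"  # value ends where the %0D%0A began...
    b"zzqcrlf\r\n"                        # ...and the token became a header line
    b"\r\n"
    b"Content-Type: text/html\r\n\r\n<html></html>"  # the rest is pushed into the body
)
BODY_REFLECTED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b'<div class="error">Unknown user: \r\nzzqcrlf\r\n</div>'
)
SANITIZED = (
    b"HTTP/1.1 200 OK\r\n"
    b"X-Echo: zzqcrlf\r\n"  # token kept, CR LF removed: no header break
    b"\r\n"
    b"<p>login failed</p>"
)

if __name__ == "__main__":
    for name, sample in (("header", HEADER_INJECTED), ("body", BODY_REFLECTED), ("sanitized", SANITIZED)):
        print(f"{name:>9}: {classify_crlf_reflection(sample)}")
```

Only the first outcome is a header-injection finding; the second is what the vendor's comment describes (CRLF echoed on an error page), and the third shows a server that kept the text but dropped the control characters.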

CVSS: 8.0 | EPSS: 0% | CPEs: 11 | EXPL: 0

22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can create a crafted database or table name; the attack is triggered when a user attempts certain search operations on the malicious database or table. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 | EPSS: 0% | CPEs: 11 | EXPL: 0

22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables; when that data is retrieved (for instance, through the Browse tab) it can trigger the XSS attack. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 2

09 Jan 2020 — In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. • https://github.com/xMohamed0/CVE-2020-5504-phpMyAdmin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

06 Dec 2019 — phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. • https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9

CVSS: 9.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

22 Nov 2019 — An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. An SQL injection vulnerability in phpMyAdmin may allow attackers to execute arbitrary SQL statements. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 80% | CPEs: 4 | EXPL: 4

13 Sep 2019 — A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. phpMyAdmin version 4.9.0.1 suffers from a cross-site request forgery vulnerability. • https://packetstorm.news/files/id/154483 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

05 Jun 2019 — An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. • https://packetstorm.news/files/id/153251 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Jun 2019 — An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. It was discovered that there was a bug ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
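Several of the SQL injection entries on this page (the table-search, current-username, user-accounts and designer ones) share one shape: a database, table or user name chosen by a low-privileged user is spliced into SQL that later runs on behalf of someone else, so placeholders cannot help and the identifier has to be quoted by the application. The script below is an added example, not phpMyAdmin code; it reproduces that pattern against SQLite, which runs offline and accepts MySQL-style backtick identifiers, so the escaping rule in `backquote` (wrap in backticks, double any inner backtick) is the same one MySQL requires. `ATTACKER_TABLE`, the sample tables and the `list_names_*` functions are constructed for the demonstration.

```python
"""Second-order SQL injection through a crafted table name (added example, not phpMyAdmin code).

Scenario (constructed): an attacker may create tables in their own schema; the
victim later runs a "list / search" action that the application turns into SQL
with the table name interpolated.  SQLite stands in for MySQL here because it
runs offline and uses the same backtick quoting rule for identifiers.
"""
import sqlite3

# The attacker's table name closes the backtick-quoted identifier, appends a
# UNION against another table, and comments out whatever the template adds.
ATTACKER_TABLE = "users` UNION SELECT token FROM secrets --"


def setup_db() -> sqlite3.Connection:
    """Build the constructed schema: a normal table, a sensitive one, and the attacker's."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (name TEXT);
        INSERT INTO users VALUES ('alice'), ('bob');
        CREATE TABLE secrets (token TEXT);
        INSERT INTO secrets VALUES ('s3cr3t-token');
        """
    )
    # Creating the table is legitimate: double-quote quoting lets the name
    # contain a backtick and a comment marker.
    conn.execute(f'CREATE TABLE "{ATTACKER_TABLE}" (name TEXT)')
    conn.execute(f"INSERT INTO \"{ATTACKER_TABLE}\" VALUES ('harmless')")
    return conn


def backquote(identifier: str) -> str:
    """Quote a MySQL/SQLite identifier: wrap in backticks and double any inner backtick."""
    return "`" + identifier.replace("`", "``") + "`"


def list_names_vulnerable(conn: sqlite3.Connection, table: str) -> set:
    # Trusts the name because "it came from the database", so the attacker's
    # backtick ends the identifier early and the rest becomes live SQL.
    sql = f"SELECT name FROM `{table}` ORDER BY name"
    return {row[0] for row in conn.execute(sql)}


def list_names_fixed(conn: sqlite3.Connection, table: str) -> set:
    # The whole name, backtick included, stays one identifier.
    sql = f"SELECT name FROM {backquote(table)} ORDER BY name"
    return {row[0] for row in conn.execute(sql)}


def demo():
    """Run both builders against the crafted name; returns (leaked, contained)."""
    conn = setup_db()
    leaked = list_names_vulnerable(conn, ATTACKER_TABLE)     # users' names plus the secret token
    contained = list_names_fixed(conn, ATTACKER_TABLE)       # only the attacker's own table
    return leaked, contained


if __name__ == "__main__":
    leaked, contained = demo()
    print("vulnerable:", sorted(leaked))
    print("fixed:     ", sorted(contained))
```

The vulnerable builder executes `SELECT name FROM \`users\` UNION SELECT token FROM secrets` (everything after `--` is a comment), while the fixed one queries the attacker's oddly named table and nothing else. Keeping the quoting rule in one helper matters as much as the rule itself: the entries above were fixed in several different files because each one built its identifiers by hand.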