CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7260 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2018-7260
21 Feb 2018 — Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad Cross-Site Scripting (XSS) en db_central_columns.php en phpMyAdmin, en versiones anteriores a la 4.7.8, permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una URL manipulada. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configu... • http://www.securityfocus.com/bid/103099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2016-6621
https://notcve.org/view.php?id=CVE-2016-6621
31 Jan 2017 — The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no especific... • http://www.securityfocus.com/bid/95914 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5097 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5097
05 Jul 2016 — phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. phpMyAdmin en versiones anteriores a 4.6.2 emplaza tokens en cadenas de consulta y no gestiona su eliminación antes de la navegación externa, lo que permite a atacantes remotos obtener información sensible leyendo (1) peticiones HTTP o (2) los registros del servidor. Multi... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 150EXPL: 0CVE-2014-1879 – Debian Security Advisory 2975-1
https://notcve.org/view.php?id=CVE-2014-1879
20 Feb 2014 — Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. Vulnerabilidad de XSS en import.php en phpMyAdmin anterior a 4.1.7 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de un nombre de archivo manipulado en una acción import. Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticat... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 8%CPEs: 12EXPL: 3CVE-2013-1937 – phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1937
16 Apr 2013 — Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable. ** EN DISPUTA ** Múltiples vulnerabilidades Cross-Site Scripting (XSS) en tbl_gis_visualization.php en phpMyAdmin, en versiones 3.5.x anteriores a la 3.5.8, permiten que atacantes re... • https://www.exploit-db.com/exploits/38440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 3%CPEs: 30EXPL: 2CVE-2012-5469 – Portable phpMyAdmin <= 1.3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-5469
20 Dec 2012 — The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. El complemento phpMyAdmin Portable antes de v1.3.1 para WordPress permite a atacantes remotos evitar la autenticación y obtener acceso a la consola de phpMyAdmin a través de una solicitud directa al wp-content/plugins/portable-phpmyadmin/wp-pma-mod. The Portable phpMyAdmin plugin before 1.3.0... • https://www.exploit-db.com/exploits/23356 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 75EXPL: 0CVE-2011-2642
https://notcve.org/view.php?id=CVE-2011-2642
01 Aug 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la vista de implementación en la tabla Print en tbl_printview.php en phpMyAdmin anterior a v3.3.10.3 y v3.4.x anterior a v3.4.3.2 permite a usuarios aute... • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 67EXPL: 0CVE-2011-0986
https://notcve.org/view.php?id=CVE-2011-0986
14 Feb 2011 — phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. PhpMyAdmin v2.11.x antes de v2.11.11.2, y v3.3.x antes de v3.3.9.1, no controla correctamente la ausencia de los ficheros (1) README, (2) Changelog , y (3) Los archivos de licencia, que permite a atacantes remotos obtener la ruta de instalación a tr... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 69EXPL: 0CVE-2011-0987
https://notcve.org/view.php?id=CVE-2011-0987
14 Feb 2011 — The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. La función PMA_Bookmark_get en libraries/bookmark.lib.php de phpMyAdmin v2.11.x y anteriores a v2.11.11.3, y v3.3.x anteriores a v3.3.9.2,no restringe adecuadamente las consultas de bookmark, lo que hace más fácil ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2010-4481
https://notcve.org/view.php?id=CVE-2010-4481
17 Dec 2010 — phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. phpMyAdmin anteriores a v3.4.0-beta1, permite a atacantes remotos evitar la autenticación y obtener información sensible a través de una solicitud directa al phpinfo.php, que llama a la función phpinfo. • http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c • CWE-287: Improper Authentication •