CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2019-12616 – phpMyAdmin 4.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-12616
05 Jun 2019 — An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. Un problema fue descubierto en phpMyAdmin antes del 4.9.0. Fue descubierta una vulnerabilidad que permite a un atacante desen... • https://packetstorm.news/files/id/153251 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11768 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2019-11768
05 Jun 2019 — An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. Fue descubierto un problema en phpMyAdmin anterior de la versión d 4.9.0.1. Se informó de una vulnerabilidad en la que se puede utilizar un nombre de base de datos especialmente diseñado para desencadenar un ataque de inyección de SQL a través de la función del diseñador. It was discovered that there was a bug ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 8%CPEs: 2EXPL: 0CVE-2019-6799 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2019-6799
26 Jan 2019 — An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. Se ha descubierto un problema en phpMyAdmin en versiones anteriores a la 4.8.5. Cuando el ajuste de configuración "AllowArbitrarySe... • http://www.securityfocus.com/bid/106736 •
CVSS: 6.5EPSS: 14%CPEs: 2EXPL: 0CVE-2018-19968 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2018-19968
11 Dec 2018 — An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. Un atacante puede explotar phpMyAdmin en versiones anteriores a la 4... • http://www.securityfocus.com/bid/106178 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 0CVE-2018-19970 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2018-19970
11 Dec 2018 — In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. En phpMyAdmin, en versiones anteriores a la 4.8.4, se ha encontrado una vulnerabilidad Cross-Site Scripting (XSS) en el árbol de navegación, donde un atacante puede entregar una carga útil a un usuario mediante un nombre de base de datos/tabla manipulado. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin ... • http://www.securityfocus.com/bid/106181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15605
https://notcve.org/view.php?id=CVE-2018-15605
24 Aug 2018 — An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. Se ha descubierto un problema en versiones anteriores a la 4.8.3 de phpMyAdmin. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) en la que un atacante puede emplear un archivo manipulado para manipular un usuario autenticado que cargue ese archivo mediante la caract... • http://www.securityfocus.com/bid/105168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12581
https://notcve.org/view.php?id=CVE-2018-12581
21 Jun 2018 — An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. Se ha descubierto un problema en js/designer/move.js en versiones anteriores a la 4.8.2 de phpMyAdmin. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) en la que un atacante puede emplear un nombre de base de datos manipulado para de... • http://www.securityfocus.com/bid/104530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-18264
https://notcve.org/view.php?id=CVE-2017-18264
01 May 2018 — An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false whe... • http://www.securityfocus.com/bid/97211 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7260 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2018-7260
21 Feb 2018 — Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad Cross-Site Scripting (XSS) en db_central_columns.php en phpMyAdmin, en versiones anteriores a la 4.7.8, permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una URL manipulada. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configu... • http://www.securityfocus.com/bid/103099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000014
https://notcve.org/view.php?id=CVE-2017-1000014
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de denegación de servicio (DOS) en la funcionalidad de table editing. • http://www.securityfocus.com/bid/95721 • CWE-20: Improper Input Validation •