
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Aug 2018 — An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. • http://www.securityfocus.com/bid/105168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 97% • CPEs: 1 • EXPL: 12

21 Jun 2018 — An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg[... • https://packetstorm.news/files/id/164623 • CWE-287: Improper Authentication

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2018 — An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. • http://www.securityfocus.com/bid/104530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

01 May 2018 — An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false whe... • http://www.securityfocus.com/bid/97211

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

19 Apr 2018 — phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. phpMyAdmin versions 4.8.0 prior to 4... • https://packetstorm.news/files/id/147304 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Feb 2018 — Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configu... • http://www.securityfocus.com/bid/103099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 76% • CPEs: 1 • EXPL: 4

03 Jan 2018 — phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc. • https://packetstorm.news/files/id/149168 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 70 • EXPL: 0

13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality. • http://www.securityfocus.com/bid/95721 • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 0% • CPEs: 70 • EXPL: 0

13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters. • http://www.securityfocus.com/bid/95726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Jul 2017 — phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. • http://www.securityfocus.com/bid/95732 • CWE-918: Server-Side Request Forgery (SSRF)