CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-18264
https://notcve.org/view.php?id=CVE-2017-18264
01 May 2018 — An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false whe... • http://www.securityfocus.com/bid/97211 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10188 – phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-10188
19 Apr 2018 — phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. phpMyAdmin 4.8.0 en versiones anteriores a la 4.8.0-1 tiene Cross-Site Request Forgery (CSRF), que permite que un atacante ejecute instrucciones SQL arbitrarias. Esto está relacionado con js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php y sql.php. phpMyAdmin versions 4.8.0 prior to 4... • https://packetstorm.news/files/id/147304 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7260 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2018-7260
21 Feb 2018 — Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad Cross-Site Scripting (XSS) en db_central_columns.php en phpMyAdmin, en versiones anteriores a la 4.7.8, permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una URL manipulada. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configu... • http://www.securityfocus.com/bid/103099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 76%CPEs: 1EXPL: 4CVE-2017-1000499 – phpMyAdmin 4.7.x - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-1000499
03 Jan 2018 — phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Las versiones 4.7.x (anteriores a 4.7.6.1/4.7.7) de phpMyAdmin son vulnerables a una debilidad Cross-Site Request Forgery (CSRF). Al engañar a un usuario para que haga clic en una URL manipulada, es posible realizar operaciones dañinas para la base de datos, como el ... • https://packetstorm.news/files/id/149168 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000014
https://notcve.org/view.php?id=CVE-2017-1000014
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de denegación de servicio (DOS) en la funcionalidad de table editing. • http://www.securityfocus.com/bid/95721 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000015
https://notcve.org/view.php?id=CVE-2017-1000015
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de inyección de tipo CSS por medio de parámetros cookies creados. • http://www.securityfocus.com/bid/95726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1000017
https://notcve.org/view.php?id=CVE-2017-1000017
13 Jul 2017 — phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server phpMyAdmin versiones 4.0, 4.4 y 4.6 son vulnerables a una debilidad donde un usuario con los permisos adecuados puede conectarse a un servidor MySQL arbitrario. • http://www.securityfocus.com/bid/95732 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2017-1000013
https://notcve.org/view.php?id=CVE-2017-1000013
13 Jul 2017 — phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de redireccionamiento abierta. • http://www.securityfocus.com/bid/95720 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1000016
https://notcve.org/view.php?id=CVE-2017-1000016
13 Jul 2017 — A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. Se detectó una debilidad en la que un atacante puede inyectar valores arbitrarios en las cookies del navegador. Esta es una reedición de una solución incompleta de PMASA-2016-18. • https://www.phpmyadmin.net/security/PMASA-2017-5 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1000018
https://notcve.org/view.php?id=CVE-2017-1000018
13 Jul 2017 — phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de tipo DOS en el estado de replicación al usar un nombre de tabla especialmente creado. • http://www.securityfocus.com/bid/95738 • CWE-20: Improper Input Validation •