Page 6 of 148 results (0.008 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad Cross-Site Scripting (XSS) en db_central_columns.php en phpMyAdmin, en versiones anteriores a la 4.7.8, permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante una URL manipulada. • http://www.securityfocus.com/bid/103099 https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3 https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin https://www.phpmyadmin.net/security/PMASA-2018-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 74%CPEs: 1EXPL: 3

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Las versiones 4.7.x (anteriores a 4.7.6.1/4.7.7) de phpMyAdmin son vulnerables a una debilidad Cross-Site Request Forgery (CSRF). Al engañar a un usuario para que haga clic en una URL manipulada, es posible realizar operaciones dañinas para la base de datos, como el borrado de registros, anulación/truncado de tablas, etc. phpMyAdmin version 4.7.x suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/45284 https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499 http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click http://www.securitytracker.com/id/1040163 https://www.phpmyadmin.net/security/PMASA-2017-9 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. Se detectó una debilidad en la que un atacante puede inyectar valores arbitrarios en las cookies del navegador. Esta es una reedición de una solución incompleta de PMASA-2016-18. • https://www.phpmyadmin.net/security/PMASA-2017-5 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality phpMyAdmin en las versiones 4,0, 4,4, y 4,6 es vulnerable a una debilidad de denegación de servicio (DOS) en la funcionalidad de table editing. • http://www.securityfocus.com/bid/95721 https://www.phpmyadmin.net/security/PMASA-2017-3 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name phpMyAdmin en las versiones 4.0, 4.4 y 4.6 es vulnerable a un ataque de tipo DOS en el estado de replicación al usar un nombre de tabla especialmente creado. • http://www.securityfocus.com/bid/95738 https://www.phpmyadmin.net/security/PMASA-2017-7 • CWE-20: Improper Input Validation •