CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25727
https://notcve.org/view.php?id=CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. • https://www.phpmyadmin.net/security/PMASA-2023-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22452
https://notcve.org/view.php?id=CVE-2020-22452
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. • http://phpmyadmin.com https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog https://github.com/phpmyadmin/phpmyadmin/issues/15898 https://github.com/phpmyadmin/phpmyadmin/pull/16004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0813 – PhpMyAdmin exposure of sensitive information
https://notcve.org/view.php?id=CVE-2022-0813
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. PhpMyAdmin versiones 5.1.1 y anteriores, permiten a un atacante recuperar información potencialmente confidencial creando peticiones no válidas. Esto afecta al parámetro lang, al parámetro pma_ y a la cookie section • https://security.gentoo.org/glsa/202311-17 https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23807
https://notcve.org/view.php?id=CVE-2022-23807
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. Se ha detectado un problema en phpMyAdmin versiones 4.9 anteriores a 4.9.8 y 5.1 anteriores a 5.1.2. Un usuario válido que ya está autenticado en phpMyAdmin puede manipular su cuenta para omitir la autenticación de dos factores en futuras instancias de inicio de sesión • https://security.gentoo.org/glsa/202311-17 https://www.phpmyadmin.net/security/PMASA-2022-1 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2022-23808
https://notcve.org/view.php?id=CVE-2022-23808
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. Se ha detectado un problema en phpMyAdmin versiones 5.1 anteriores a 5.1.2. Un atacante puede inyectar código malicioso en aspectos del script de configuración, lo que puede permitir una inyección de tipo XSS o HTML • https://github.com/dipakpanchal05/CVE-2022-23808 https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97 https://security.gentoo.org/glsa/202311-17 https://www.phpmyadmin.net/security/PMASA-2022-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •