rpm package
opensuse/phpMyAdmin&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.0
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-18622 | Cri | 9.8 | < 4.9.2-bp151.3.9.1 | 4.9.2-bp151.3.9.1 | Nov 22, 2019 | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | |
| CVE-2019-12922 | Med | 6.5 | < 4.9.1-bp151.3.6.1 | 4.9.1-bp151.3.6.1 | Sep 13, 2019 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | |
| CVE-2019-12616 | Med | 6.5 | < 4.9.0.1-bp150.31.1 | 4.9.0.1-bp150.31.1 | Jun 5, 2019 | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the | |
| CVE-2019-11768 | Cri | 9.8 | < 4.9.0.1-bp150.31.1 | 4.9.0.1-bp150.31.1 | Jun 5, 2019 | An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | |
| CVE-2019-6799 | Med | 5.9 | < 4.8.5-bp150.3.9.1 | 4.8.5-bp150.3.9.1 | Jan 26, 2019 | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_loca | |
| CVE-2019-6798 | Cri | 9.8 | < 4.8.5-bp150.3.9.1 | 4.8.5-bp150.3.9.1 | Jan 26, 2019 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. |
- affected < 4.9.2-bp151.3.9.1fixed 4.9.2-bp151.3.9.1
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
- affected < 4.9.1-bp151.3.6.1fixed 4.9.1-bp151.3.6.1
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
- affected < 4.9.0.1-bp150.31.1fixed 4.9.0.1-bp150.31.1
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the
- affected < 4.9.0.1-bp150.31.1fixed 4.9.0.1-bp150.31.1
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
- affected < 4.8.5-bp150.3.9.1fixed 4.8.5-bp150.3.9.1
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_loca
- affected < 4.8.5-bp150.3.9.1fixed 4.8.5-bp150.3.9.1
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.