VYPR

rpm package

opensuse/phpMyAdmin&distro=openSUSE Leap 15.0

pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.0

Vulnerabilities (6)

  • CVE-2019-18622CriNov 22, 2019
    affected < 4.9.2-bp151.3.9.1fixed 4.9.2-bp151.3.9.1

    An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

  • CVE-2019-12922MedSep 13, 2019
    affected < 4.9.1-bp151.3.6.1fixed 4.9.1-bp151.3.6.1

    A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

  • CVE-2019-12616MedJun 5, 2019
    affected < 4.9.0.1-bp150.31.1fixed 4.9.0.1-bp150.31.1

    An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the

  • CVE-2019-11768CriJun 5, 2019
    affected < 4.9.0.1-bp150.31.1fixed 4.9.0.1-bp150.31.1

    An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

  • CVE-2019-6799MedJan 26, 2019
    affected < 4.8.5-bp150.3.9.1fixed 4.8.5-bp150.3.9.1

    An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_loca

  • CVE-2019-6798CriJan 26, 2019
    affected < 4.8.5-bp150.3.9.1fixed 4.8.5-bp150.3.9.1

    An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.