rpm package
suse/phpMyAdmin&distro=SUSE Package Hub 15 SP4
pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015%20SP4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25727 | — | < 5.2.1-bp154.2.3.1 | 5.2.1-bp154.2.3.1 | Feb 13, 2023 | In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | ||
| CVE-2022-0813 | — | < 5.2.1-bp154.2.3.1 | 5.2.1-bp154.2.3.1 | Mar 9, 2022 | PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | ||
| CVE-2022-23808 | — | < 5.2.1-bp154.2.3.1 | 5.2.1-bp154.2.3.1 | Jan 22, 2022 | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | ||
| CVE-2022-23807 | — | < 5.2.1-bp154.2.3.1 | 5.2.1-bp154.2.3.1 | Jan 22, 2022 | An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. |
- CVE-2023-25727Feb 13, 2023affected < 5.2.1-bp154.2.3.1fixed 5.2.1-bp154.2.3.1
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
- CVE-2022-0813Mar 9, 2022affected < 5.2.1-bp154.2.3.1fixed 5.2.1-bp154.2.3.1
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
- CVE-2022-23808Jan 22, 2022affected < 5.2.1-bp154.2.3.1fixed 5.2.1-bp154.2.3.1
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
- CVE-2022-23807Jan 22, 2022affected < 5.2.1-bp154.2.3.1fixed 5.2.1-bp154.2.3.1
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.