VYPR

phpMyAdmin

by PhpMyAdmin

CVEs (257)

  • CVE-2016-9862 (High, Dec 11, 2016)
    risk 0.49, cvss 7.5, epss 0.02

    An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

  • CVE-2016-9861 (High, Dec 11, 2016)
    risk 0.49, cvss 7.5, epss 0.02

    An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • CVE-2016-6631 (High, Dec 11, 2016)
    risk 0.49, cvss 7.5, epss 0.05

    An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the…

  • CVE-2016-6616 (High, Dec 11, 2016)
    risk 0.49, cvss 7.5, epss 0.01

    An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

  • CVE-2016-6614 (Med, Dec 11, 2016)
    risk 0.44, cvss 6.8, epss 0.02

    An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All…

  • CVE-2025-24529 (Med, Jan 23, 2025)
    risk 0.42, cvss 6.4, epss 0.00

    An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.

  • CVE-2017-1000016 (High, Jul 17, 2017)
    risk 0.42, cvss 7.5, epss 0.01

    A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.

  • CVE-2016-6630 (Med, Dec 11, 2016)
    risk 0.42, cvss 6.5, epss 0.02

    An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to…

  • CVE-2016-6623 (Med, Dec 11, 2016)
    risk 0.42, cvss 6.5, epss 0.02

    An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

  • CVE-2016-6618 (Med, Dec 11, 2016)
    risk 0.42, cvss 6.5, epss 0.02

    An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

  • CVE-2016-6612 (Med, Dec 11, 2016)
    risk 0.42, cvss 6.5, epss 0.02

    An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

  • CVE-2016-5739 (High, Jul 3, 2016)
    risk 0.42, cvss 7.5, epss 0.03

    The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an…

  • CVE-2016-5706 (High, Jul 3, 2016)
    risk 0.42, cvss 7.5, epss 0.03

    js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.

  • CVE-2016-2041 (High, Feb 20, 2016)
    risk 0.42, cvss 7.5, epss 0.03

    libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time…

  • CVE-2016-1927 (High, Feb 20, 2016)
    risk 0.42, cvss 7.5, epss 0.03

    The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

  • CVE-2016-6628 (Med, Dec 11, 2016)
    risk 0.41, cvss 6.3, epss 0.01

    An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

  • CVE-2005-4349 (Med, Dec 19, 2005)
    risk 0.41, cvss 6.3, epss 0.01

    SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task…

  • CVE-2017-1000015 (Med, Jul 17, 2017)
    risk 0.40, cvss 6.1, epss 0.01

    phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters.

  • CVE-2017-1000013 (Med, Jul 17, 2017)
    risk 0.40, cvss 6.1, epss 0.01

    phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness.

  • CVE-2016-9857 (Med, Dec 11, 2016)
    risk 0.40, cvss 6.1, epss 0.01

    An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
