Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmyadmin phpmyadmin vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-18622
An issue exists in phpMyAdmin prior to 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
Opensuse Leap 15.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Fedoraproject Fedora 31
Opensuse Backports Sle 15.0
7.5
CVSSv2
CVE-2019-11768
An issue exists in phpMyAdmin prior to 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
7.5
CVSSv2
CVE-2019-6798
An issue exists in phpMyAdmin prior to 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
7.5
CVSSv2
CVE-2017-18264
An issue exists in libraries/common.inc.php in phpMyAdmin 4.0 prior to 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can...
Phpmyadmin Phpmyadmin
Phpmyadmin Phpmyadmin 4.7.0
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2016-9865
An issue exists in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (before 4.6.5), 4.4.x versions (before 4.4.15.9), and 4.0.x versions (before 4.0.10.18) are affected.
Phpmyadmin Phpmyadmin 4.0.10.14
Phpmyadmin Phpmyadmin 4.0.10.13
Phpmyadmin Phpmyadmin 4.0.10.6
Phpmyadmin Phpmyadmin 4.0.10.5
Phpmyadmin Phpmyadmin 4.0.8
Phpmyadmin Phpmyadmin 4.0.7
Phpmyadmin Phpmyadmin 4.0.6
Phpmyadmin Phpmyadmin 4.0.1
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.0.10.12
Phpmyadmin Phpmyadmin 4.0.10.11
Phpmyadmin Phpmyadmin 4.0.10.4
Phpmyadmin Phpmyadmin 4.0.10.3
Phpmyadmin Phpmyadmin 4.0.5
Phpmyadmin Phpmyadmin 4.0.4.2
Phpmyadmin Phpmyadmin 4.0.10.16
Phpmyadmin Phpmyadmin 4.0.10.15
Phpmyadmin Phpmyadmin 4.0.10.8
Phpmyadmin Phpmyadmin 4.0.10.7
Phpmyadmin Phpmyadmin 4.0.10
Phpmyadmin Phpmyadmin 4.0.9
Phpmyadmin Phpmyadmin 4.0.3
7.5
CVSSv2
CVE-2016-9849
An issue exists in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (before 4.6.5), 4.4.x versions (before 4.4.15.9), and 4.0.x vers...
Phpmyadmin Phpmyadmin 4.0.10.15
Phpmyadmin Phpmyadmin 4.0.10.14
Phpmyadmin Phpmyadmin 4.0.10.7
Phpmyadmin Phpmyadmin 4.0.10.6
Phpmyadmin Phpmyadmin 4.0.9
Phpmyadmin Phpmyadmin 4.0.8
Phpmyadmin Phpmyadmin 4.0.2
Phpmyadmin Phpmyadmin 4.0.1
Phpmyadmin Phpmyadmin 4.0.10.13
Phpmyadmin Phpmyadmin 4.0.10.12
Phpmyadmin Phpmyadmin 4.0.10.5
Phpmyadmin Phpmyadmin 4.0.10.4
Phpmyadmin Phpmyadmin 4.0.7
Phpmyadmin Phpmyadmin 4.0.6
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.0.10.17
Phpmyadmin Phpmyadmin 4.0.10.16
Phpmyadmin Phpmyadmin 4.0.10.9
Phpmyadmin Phpmyadmin 4.0.10.8
Phpmyadmin Phpmyadmin 4.0.10.1
Phpmyadmin Phpmyadmin 4.0.10
Phpmyadmin Phpmyadmin 4.0.4
7.5
CVSSv2
CVE-2016-6620
An issue exists in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x version...
Phpmyadmin Phpmyadmin 4.6.1
Phpmyadmin Phpmyadmin 4.6.0
Phpmyadmin Phpmyadmin 4.6.3
Phpmyadmin Phpmyadmin 4.6.2
Phpmyadmin Phpmyadmin 4.0.10.10
Phpmyadmin Phpmyadmin 4.0.10.9
Phpmyadmin Phpmyadmin 4.0.10.2
Phpmyadmin Phpmyadmin 4.0.10.1
Phpmyadmin Phpmyadmin 4.0.4.2
Phpmyadmin Phpmyadmin 4.0.4.1
Phpmyadmin Phpmyadmin 4.0.10.14
Phpmyadmin Phpmyadmin 4.0.10.13
Phpmyadmin Phpmyadmin 4.0.10.6
Phpmyadmin Phpmyadmin 4.0.10.5
Phpmyadmin Phpmyadmin 4.0.8
Phpmyadmin Phpmyadmin 4.0.7
Phpmyadmin Phpmyadmin 4.0.1
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.0.10.16
Phpmyadmin Phpmyadmin 4.0.10.15
Phpmyadmin Phpmyadmin 4.0.10.8
Phpmyadmin Phpmyadmin 4.0.10.7
7.5
CVSSv2
CVE-2016-5734
phpMyAdmin 4.0.x prior to 4.0.10.16, 4.4.x prior to 4.4.15.7, and 4.6.x prior to 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote malicious users to execute arbitrary PHP code via a crafted string, as dem...
Phpmyadmin Phpmyadmin 4.0.5
Phpmyadmin Phpmyadmin 4.0.4.2
Phpmyadmin Phpmyadmin 4.0.4.1
Phpmyadmin Phpmyadmin 4.0.10.6
Phpmyadmin Phpmyadmin 4.0.10.5
Phpmyadmin Phpmyadmin 4.0.9
Phpmyadmin Phpmyadmin 4.0.8
Phpmyadmin Phpmyadmin 4.0.2
Phpmyadmin Phpmyadmin 4.0.10.9
Phpmyadmin Phpmyadmin 4.0.10.2
Phpmyadmin Phpmyadmin 4.0.10.14
Phpmyadmin Phpmyadmin 4.0.1
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.0.10.11
Phpmyadmin Phpmyadmin 4.0.10.10
Phpmyadmin Phpmyadmin 4.0.10.15
Phpmyadmin Phpmyadmin 4.0.4
Phpmyadmin Phpmyadmin 4.0.3
Phpmyadmin Phpmyadmin 4.0.10.4
Phpmyadmin Phpmyadmin 4.0.10.3
Phpmyadmin Phpmyadmin 4.0.10.1
Phpmyadmin Phpmyadmin 4.0.10
1 EDB exploit
4 Github repositories
7.5
CVSSv2
CVE-2016-5703
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x prior to 4.4.15.7 and 4.6.x prior to 4.6.3 allows remote malicious users to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
Opensuse Opensuse 13.1
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.14.1
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.0
Phpmyadmin Phpmyadmin 4.4.9
Phpmyadmin Phpmyadmin 4.4.8
Phpmyadmin Phpmyadmin 4.4.7
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.1.1
7.5
CVSSv2
CVE-2012-5469
The Portable phpMyAdmin plugin prior to 1.3.1 for WordPress allows remote malicious users to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 1.2.6
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 1.2.4
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 1.0.0
Phpmyadmin Phpmyadmin 1.3
Phpmyadmin Phpmyadmin 1.2.9.5
Phpmyadmin Phpmyadmin 1.2.9.4
Phpmyadmin Phpmyadmin 1.2.9.3
Phpmyadmin Phpmyadmin 1.1
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 1.0.7
Phpmyadmin Phpmyadmin 1.0.6
Phpmyadmin Phpmyadmin 1.2.9.1
Phpmyadmin Phpmyadmin 1.2.8
Phpmyadmin Phpmyadmin 1.2.3
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 1.0.5
Phpmyadmin Phpmyadmin 1.0.3
Phpmyadmin Phpmyadmin 1.2.9.2
Phpmyadmin Phpmyadmin 1.2.9
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »