Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmyadmin vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-18622
An issue exists in phpMyAdmin prior to 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
Opensuse Leap 15.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Fedoraproject Fedora 31
Opensuse Backports Sle 15.0
5.8
CVSSv2
CVE-2019-12922
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
Phpmyadmin Phpmyadmin
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 EDB exploit
5.5
CVSSv2
CVE-2019-14721
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to remove a target user from phpMyAdmin via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14246
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
Centos-webpanel Centos Web Panel 0.9.8.851
4.6
CVSSv2
CVE-2018-20886
cPanel prior to 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
Cpanel Cpanel
4.3
CVSSv2
CVE-2019-12616
An issue exists in phpMyAdmin prior to 4.9.0. A vulnerability was found that allows an malicious user to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin databa...
Phpmyadmin Phpmyadmin
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2019-11768
An issue exists in phpMyAdmin prior to 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
7.5
CVSSv2
CVE-2019-6798
An issue exists in phpMyAdmin prior to 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
4.3
CVSSv2
CVE-2019-6799
An issue exists in phpMyAdmin prior to 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local...
Phpmyadmin Phpmyadmin
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2018-19969
phpMyAdmin 4.7.x and 4.8.x versions before 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/...
Phpmyadmin Phpmyadmin
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »