Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmyadmin phpmyadmin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-10188
phpMyAdmin 4.8.0 prior to 4.8.0-1 has CSRF, allowing an malicious user to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Phpmyadmin Phpmyadmin 4.8.0
1 EDB exploit
8.8
CVSSv3
CVE-2017-1000499
phpMyAdmin versions 4.7.x (before 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Phpmyadmin Phpmyadmin
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2017-1000017
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
Phpmyadmin Phpmyadmin
8.8
CVSSv3
CVE-2016-6619
An issue exists in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (before 4.6.4), 4.4.x versions (before 4.4.15.8), and 4.0.x versions (before 4.0.10.17) are affected.
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.9
Phpmyadmin Phpmyadmin 4.4.8
Phpmyadmin Phpmyadmin 4.4.2
Phpmyadmin Phpmyadmin 4.4.1.1
Phpmyadmin Phpmyadmin 4.4.15.5
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.13.1
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.15.7
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.14.1
Phpmyadmin Phpmyadmin 4.4.14
Phpmyadmin Phpmyadmin 4.4.7
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.0
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.15.2
8.8
CVSSv3
CVE-2016-6609
An issue exists in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (before 4.6.4), 4.4.x versions (before 4.4.15.8), and 4.0.x versions (before 4.0.10.17) are affected.
Phpmyadmin Phpmyadmin 4.4.15.7
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.14
Phpmyadmin Phpmyadmin 4.4.13.1
Phpmyadmin Phpmyadmin 4.4.7
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.0
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.3
Phpmyadmin Phpmyadmin 4.4.15.5
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.15
8.6
CVSSv3
CVE-2016-6621
The setup script for phpMyAdmin prior to 4.0.10.19, 4.4.x prior to 4.4.15.10, and 4.6.x prior to 4.6.6 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
Phpmyadmin Phpmyadmin
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.1.1
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.3
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.15.5
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.4.7
Phpmyadmin Phpmyadmin 4.4.15.9
Phpmyadmin Phpmyadmin 4.4.0
8.1
CVSSv3
CVE-2016-6606
An issue exists in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initial...
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.3
Phpmyadmin Phpmyadmin 4.4.2
Phpmyadmin Phpmyadmin 4.4.15.4
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.15.7
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.14.1
Phpmyadmin Phpmyadmin 4.4.9
Phpmyadmin Phpmyadmin 4.4.8
Phpmyadmin Phpmyadmin 4.4.1.1
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.15.5
8.1
CVSSv3
CVE-2016-6617
An issue exists in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (before 4.6.4) are affected.
Phpmyadmin Phpmyadmin 4.6.1
Phpmyadmin Phpmyadmin 4.6.0
Phpmyadmin Phpmyadmin 4.6.3
Phpmyadmin Phpmyadmin 4.6.2
8.1
CVSSv3
CVE-2016-6611
An issue exists in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (before 4.6.4), 4.4.x versions (before 4.4.15.8), and 4.0.x versions (before 4.0.10.17) are affected.
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.0.10.11
Phpmyadmin Phpmyadmin 4.0.10.12
Phpmyadmin Phpmyadmin 4.0.10.5
Phpmyadmin Phpmyadmin 4.0.10.6
Phpmyadmin Phpmyadmin 4.0.4.1
Phpmyadmin Phpmyadmin 4.0.4.2
Phpmyadmin Phpmyadmin 4.0.10.1
Phpmyadmin Phpmyadmin 4.0.10.10
Phpmyadmin Phpmyadmin 4.0.10.3
Phpmyadmin Phpmyadmin 4.0.10.4
Phpmyadmin Phpmyadmin 4.0.3
Phpmyadmin Phpmyadmin 4.0.4
Phpmyadmin Phpmyadmin 4.0.9
Phpmyadmin Phpmyadmin 4.0.10.13
Phpmyadmin Phpmyadmin 4.0.10.15
Phpmyadmin Phpmyadmin 4.0.10.14
Phpmyadmin Phpmyadmin 4.0.10.7
Phpmyadmin Phpmyadmin 4.0.10.8
Phpmyadmin Phpmyadmin 4.0.5
Phpmyadmin Phpmyadmin 4.0.6
Phpmyadmin Phpmyadmin 4.0.1
8.1
CVSSv3
CVE-2016-6633
An issue exists in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (before 4.6.4), 4.4.x versions (before 4.4.15.8), and 4.0.x versions (before 4.0.10.17) ...
Phpmyadmin Phpmyadmin 4.0.10.10
Phpmyadmin Phpmyadmin 4.0.10.9
Phpmyadmin Phpmyadmin 4.0.10.2
Phpmyadmin Phpmyadmin 4.0.10.1
Phpmyadmin Phpmyadmin 4.0.4.2
Phpmyadmin Phpmyadmin 4.0.4.1
Phpmyadmin Phpmyadmin 4.0.4
Phpmyadmin Phpmyadmin 4.0.10.16
Phpmyadmin Phpmyadmin 4.0.10.15
Phpmyadmin Phpmyadmin 4.0.10.8
Phpmyadmin Phpmyadmin 4.0.10.7
Phpmyadmin Phpmyadmin 4.0.10
Phpmyadmin Phpmyadmin 4.0.9
Phpmyadmin Phpmyadmin 4.0.3
Phpmyadmin Phpmyadmin 4.0.2
Phpmyadmin Phpmyadmin 4.0.10.12
Phpmyadmin Phpmyadmin 4.0.10.11
Phpmyadmin Phpmyadmin 4.0.10.4
Phpmyadmin Phpmyadmin 4.0.10.3
Phpmyadmin Phpmyadmin 4.0.6
Phpmyadmin Phpmyadmin 4.0.5
Phpmyadmin Phpmyadmin 4.0.10.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »