Vulmon
phpmyadmin vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-25727
In phpMyAdmin prior to 4.9.11 and 5.x prior to 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
Phpmyadmin Phpmyadmin
9.8
CVSSv3
CVE-2020-22452
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x prior to 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
Phpmyadmin Phpmyadmin
4.8
CVSSv3
CVE-2022-2407
The WP phpMyAdmin WordPress plugin prior to 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).
Puvox Wp Phpmyadmin
7.5
CVSSv3
CVE-2022-0813
phpMyAdmin 5.1.1 and before allows a malicious user to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
Phpmyadmin Phpmyadmin
4.3
CVSSv3
CVE-2022-23807
An issue exists in phpMyAdmin 4.9 prior to 4.9.8 and 5.1 prior to 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
Phpmyadmin Phpmyadmin
6.1
CVSSv3
CVE-2022-23808
An issue exists in phpMyAdmin 5.1 prior to 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Phpmyadmin Phpmyadmin
1 Github repository
7.5
CVSSv3
CVE-2021-26939
An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem.
Henriquedornas Henriquedornas 5.2.17
8.8
CVSSv3
CVE-2020-22278
phpMyAdmin up to and including 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."
Phpmyadmin Phpmyadmin
6.1
CVSSv3
CVE-2020-26934
phpMyAdmin prior to 4.9.6 and 5.x prior to 5.0.3 allows XSS through the transformation feature via a crafted link.
Phpmyadmin Phpmyadmin
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2020-26935
An issue exists in SearchController in phpMyAdmin prior to 4.9.6 and 5.x prior to 5.0.3. A SQL injection vulnerability exists in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
Phpmyadmin Phpmyadmin
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0