Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmyadmin vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-18622
An issue exists in phpMyAdmin prior to 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
Opensuse Leap 15.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Fedoraproject Fedora 31
Opensuse Backports Sle 15.0
6.5
CVSSv3
CVE-2019-12922
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
Phpmyadmin Phpmyadmin
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 EDB exploit
6.5
CVSSv3
CVE-2019-14721
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to remove a target user from phpMyAdmin via an attacker account.
Control-webpanel Webpanel 0.9.8.851
6.5
CVSSv3
CVE-2019-14246
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
Centos-webpanel Centos Web Panel 0.9.8.851
5.3
CVSSv3
CVE-2018-20886
cPanel prior to 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
Cpanel Cpanel
9.8
CVSSv3
CVE-2019-11768
An issue exists in phpMyAdmin prior to 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
6.5
CVSSv3
CVE-2019-12616
An issue exists in phpMyAdmin prior to 4.9.0. A vulnerability was found that allows an malicious user to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin databa...
Phpmyadmin Phpmyadmin
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2019-6798
An issue exists in phpMyAdmin prior to 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Phpmyadmin Phpmyadmin
5.9
CVSSv3
CVE-2019-6799
An issue exists in phpMyAdmin prior to 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local...
Phpmyadmin Phpmyadmin
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2018-19970
In phpMyAdmin prior to 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
Phpmyadmin Phpmyadmin
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »