Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmyadmin vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-19968
An attacker can exploit phpMyAdmin prior to 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which th...
Phpmyadmin Phpmyadmin
Debian Debian Linux 8.0
1 Github repository
8.8
CVSSv3
CVE-2018-19969
phpMyAdmin 4.7.x and 4.8.x versions before 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/...
Phpmyadmin Phpmyadmin
6.1
CVSSv3
CVE-2018-15605
An issue exists in phpMyAdmin prior to 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
Phpmyadmin Phpmyadmin
6.1
CVSSv3
CVE-2018-12581
An issue exists in js/designer/move.js in phpMyAdmin prior to 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.
Phpmyadmin Phpmyadmin
8.8
CVSSv3
CVE-2018-12613
An issue exists in phpMyAdmin 4.8.x prior to 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pa...
Phpmyadmin Phpmyadmin
3 EDB exploits
17 Github repositories
9.8
CVSSv3
CVE-2017-18264
An issue exists in libraries/common.inc.php in phpMyAdmin 4.0 prior to 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can...
Phpmyadmin Phpmyadmin
Phpmyadmin Phpmyadmin 4.7.0
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2018-10188
phpMyAdmin 4.8.0 prior to 4.8.0-1 has CSRF, allowing an malicious user to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Phpmyadmin Phpmyadmin 4.8.0
1 EDB exploit
5.4
CVSSv3
CVE-2018-7260
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin prior to 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Phpmyadmin Phpmyadmin
8.8
CVSSv3
CVE-2017-1000499
phpMyAdmin versions 4.7.x (before 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Phpmyadmin Phpmyadmin
1 EDB exploit
1 Github repository
7.5
CVSSv3
CVE-2017-1000016
A weakness exists where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
Phpmyadmin Phpmyadmin 4.6.3
Phpmyadmin Phpmyadmin 4.6.4
Phpmyadmin Phpmyadmin 4.6.1
Phpmyadmin Phpmyadmin 4.6.0
Phpmyadmin Phpmyadmin 4.6.5.1
Phpmyadmin Phpmyadmin 4.6.2
Phpmyadmin Phpmyadmin 4.6.5
Phpmyadmin Phpmyadmin 4.6.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »