Phpmyadmin

Phpmyadmin

272 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-2041

  • EPSS 1.03%
  • Veröffentlicht 20.02.2016 01:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri...

5.4

CVE-2016-2040

  • EPSS 0.49%
  • Veröffentlicht 20.02.2016 01:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) s...

5.3

CVE-2016-2039

  • EPSS 0.38%
  • Veröffentlicht 20.02.2016 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

5.3

CVE-2016-2038

  • EPSS 1.2%
  • Veröffentlicht 20.02.2016 01:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

7.5

CVE-2016-1927

  • EPSS 0.63%
  • Veröffentlicht 20.02.2016 01:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a bru...

5.3

CVE-2015-8669

  • EPSS 0.49%
  • Veröffentlicht 26.12.2015 22:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5

CVE-2015-7873

  • EPSS 0.63%
  • Veröffentlicht 28.10.2015 10:59:19
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

5

CVE-2015-6830

  • EPSS 30.43%
  • Veröffentlicht 14.09.2015 01:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a cor...

4.3

CVE-2015-3903

Exploit
  • EPSS 1.17%
  • Veröffentlicht 26.05.2015 15:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to...

6.8

CVE-2015-3902

  • EPSS 0.22%
  • Veröffentlicht 26.05.2015 15:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of admini...