Phpmyadmin

Phpmyadmin

272 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2016-5702

  • EPSS 0.25%
  • Published 03.07.2016 01:59:13
  • Last modified 12.04.2025 10:46:40

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.

6.1

CVE-2016-5701

  • EPSS 0.46%
  • Published 03.07.2016 01:59:11
  • Last modified 12.04.2025 10:46:40

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

6.8

CVE-2016-2562

  • EPSS 0.23%
  • Published 01.03.2016 11:59:04
  • Last modified 12.04.2025 10:46:40

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive informati...

5.4

CVE-2016-2561

  • EPSS 0.53%
  • Published 01.03.2016 11:59:03
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the datab...

6.1

CVE-2016-2560

  • EPSS 1.34%
  • Published 01.03.2016 11:59:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to lib...

5.4

CVE-2016-2559

  • EPSS 0.28%
  • Published 01.03.2016 11:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted qu...

5.4

CVE-2016-2045

  • EPSS 0.28%
  • Published 20.02.2016 01:59:08
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

5.3

CVE-2016-2044

  • EPSS 0.44%
  • Published 20.02.2016 01:59:07
  • Last modified 12.04.2025 10:46:40

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.4

CVE-2016-2043

  • EPSS 0.39%
  • Published 20.02.2016 01:59:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the ...

5.3

CVE-2016-2042

  • EPSS 0.58%
  • Published 20.02.2016 01:59:05
  • Last modified 12.04.2025 10:46:40

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path ...