Phpmyadmin

Phpmyadmin

272 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-2041

  • EPSS 1.03%
  • Published 20.02.2016 01:59:04
  • Last modified 12.04.2025 10:46:40

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri...

5.4

CVE-2016-2040

  • EPSS 0.49%
  • Published 20.02.2016 01:59:03
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) s...

5.3

CVE-2016-2039

  • EPSS 0.38%
  • Published 20.02.2016 01:59:02
  • Last modified 12.04.2025 10:46:40

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

5.3

CVE-2016-2038

  • EPSS 1.2%
  • Published 20.02.2016 01:59:01
  • Last modified 12.04.2025 10:46:40

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

7.5

CVE-2016-1927

  • EPSS 0.63%
  • Published 20.02.2016 01:59:00
  • Last modified 12.04.2025 10:46:40

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a bru...

5.3

CVE-2015-8669

  • EPSS 0.49%
  • Published 26.12.2015 22:59:01
  • Last modified 12.04.2025 10:46:40

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5

CVE-2015-7873

  • EPSS 0.63%
  • Published 28.10.2015 10:59:19
  • Last modified 12.04.2025 10:46:40

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

5

CVE-2015-6830

  • EPSS 30.43%
  • Published 14.09.2015 01:59:08
  • Last modified 12.04.2025 10:46:40

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a cor...

4.3

CVE-2015-3903

Exploit
  • EPSS 1.17%
  • Published 26.05.2015 15:59:11
  • Last modified 12.04.2025 10:46:40

libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to...

6.8

CVE-2015-3902

  • EPSS 0.22%
  • Published 26.05.2015 15:59:10
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of admini...