MidnightBSD

Advisories for phpmyadmin

CVE-2001-0478 HIGH

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2001-1060 HIGH

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.0.2
CVE-2004-0129 MEDIUM

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.0.2
CVE-2004-1055 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc1
gentoo linux 1.4
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2004-1147 HIGH

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2004-1148 MEDIUM

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2004-2630 HIGH

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2004-2631 HIGH

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
CVE-2004-2632 HIGH

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
CVE-2005-0459 MEDIUM

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.6.2_dev
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.0.2
CVE-2005-0543 MEDIUM

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, (3) the left_font_family parameter in theme_left.css.php, or (4) the right_font_family parameter in theme_right.css.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.6.1_rc1
CVE-2005-0544 MEDIUM

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1
CVE-2005-0567 HIGH

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1
CVE-2005-0653 MEDIUM

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1
CVE-2005-0992 MEDIUM

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1_pl1
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.2_pre2
phpmyadmin phpmyadmin 2.6.1_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.0.2
CVE-2005-1392 MEDIUM

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.2
CVE-2005-2869 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1_pl1
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.6.2_pl1
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.6.3
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.2
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.2
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.2_pre2
phpmyadmin phpmyadmin 2.6.1_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.0.2
CVE-2005-3299 MEDIUM

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.4
phpmyadmin phpmyadmin 2.6.4_pl1
CVE-2005-3300 MEDIUM

The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.4_pl3
CVE-2005-3301 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.4
phpmyadmin phpmyadmin 2.6.4_rc1
phpmyadmin phpmyadmin 2.6.4_pl2
phpmyadmin phpmyadmin 2.6.4_pl1
CVE-2005-3621 MEDIUM

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.2.0
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.2.7_pl1
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.6.2_pl1
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2005-3622 MEDIUM

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.2.0
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.2.7_pl1
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.7.0_beta1
phpmyadmin phpmyadmin 2.6.2_pl1
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.4_pl4
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2005-3665 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1_pl1
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.2
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.1_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.6.4_pl1
phpmyadmin phpmyadmin 2.0.2
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.7.0_beta1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.6.2_rc1
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.2
phpmyadmin phpmyadmin 2.6.4_rc1
phpmyadmin phpmyadmin 2.2_pre2
CVE-2005-3787 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter, and (3) the table creation dialog.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.2.0
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.2.7_pl1
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.6.2_pl1
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.7_pl1
CVE-2005-4079 MEDIUM

The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.7.0_rc1
CVE-2005-4349 MEDIUM

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.7.0
CVE-2005-4450 HIGH

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.7.0_pl1
CVE-2006-1258 MEDIUM

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.8.0.1
CVE-2006-1678 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1_pl1
phpmyadmin phpmyadmin 2.2.0_pre2
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.0
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.1_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.6.4_pl1
phpmyadmin phpmyadmin 2.0.2
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.2.0_pre1
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.7.0_pl2
phpmyadmin phpmyadmin 2.7.0
phpmyadmin phpmyadmin 2.7.0_beta1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.6.4_pl4
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.1.0
phpmyadmin phpmyadmin 2.2.0_rc2
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.2.0
phpmyadmin phpmyadmin 2.2.0_rc1
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.6.2_rc1
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.2
phpmyadmin phpmyadmin 2.6.4_rc1
phpmyadmin phpmyadmin 2.7.0_pl1
phpmyadmin phpmyadmin 2.2.0_rc3
CVE-2006-1803 MEDIUM

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2006-1804 HIGH

SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.8.0.3
phpmyadmin phpmyadmin 2.7.0_pl1
CVE-2006-2031 LOW

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.8.0.2
phpmyadmin phpmyadmin 2.8.0.3
phpmyadmin phpmyadmin 2.8.1_dev
phpmyadmin phpmyadmin 2.9.0_dev
CVE-2006-2417 MEDIUM

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.8.0.1
phpmyadmin phpmyadmin 2.8.0.2
phpmyadmin phpmyadmin 2.8.0.3
CVE-2006-2418 MEDIUM

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.8.0.3
CVE-2006-3388 MEDIUM

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.6.1_pl1
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.2_rc2
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.6.0_pl2
phpmyadmin phpmyadmin 2.5.5_rc2
phpmyadmin phpmyadmin 2.2
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.7_pl1
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.2_pre1
phpmyadmin phpmyadmin 2.2_rc3
phpmyadmin phpmyadmin 2.6.1_pl3
phpmyadmin phpmyadmin 2.8.3
phpmyadmin phpmyadmin 2.6.0_pl1
phpmyadmin phpmyadmin 2.8.4
phpmyadmin phpmyadmin 2.0.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.6.1_rc1
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.6.4_pl1
phpmyadmin phpmyadmin 2.0.2
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.2_rc1
phpmyadmin phpmyadmin 2.7.0_beta1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.7
phpmyadmin phpmyadmin 2.6.4_pl4
phpmyadmin phpmyadmin 2.5.6_rc1
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.8.1
phpmyadmin phpmyadmin 2.5.5_rc1
phpmyadmin phpmyadmin 2.6.2_rc1
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.2
phpmyadmin phpmyadmin 2.6.4_rc1
phpmyadmin phpmyadmin 2.2_pre2
CVE-2008-1567 LOW

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

CVSS 3.x

Source: nvd@nist.gov
Score: 5.5 (MEDIUM)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8
Impact: 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312

Products Affected

Vendor Product Version
fedoraproject fedora 7
phpmyadmin phpmyadmin *
fedoraproject fedora 8
opensuse opensuse 11.0
debian debian_linux 4.0
opensuse opensuse 10.3
opensuse opensuse 10.2
CVE-2009-1151 HIGH

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

CVSS 3.x

Source: nvd@nist.gov
Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9
Impact: 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
debian debian_linux 4.0
debian debian_linux 5.0
CVE-2010-2958 MEDIUM

Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2010-3055 HIGH

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 2.11.7.0
CVE-2010-3056 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2010-3263 MEDIUM

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.6.0
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2010-4329 MEDIUM

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.11
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2010-4480 MEDIUM

error.php in phpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.3.9.0
CVE-2010-4481 MEDIUM

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin *
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-0986 MEDIUM

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.11
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.11.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-0987 MEDIUM

The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.11
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.11.2
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.11.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-1940 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-1941 MEDIUM

Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-2505 MEDIUM

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-2506 HIGH

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-2507 MEDIUM

libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-2508 MEDIUM

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-2642 LOW

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin *
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-2643 MEDIUM

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-2718 MEDIUM

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-2719 MEDIUM

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.3.10.2
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-3181 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.3.10.1
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 3.3.10.3
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.3.10.2
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2011-3646 MEDIUM

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-4064 MEDIUM

Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-4107 MEDIUM

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
fedoraproject fedora 14
fedoraproject fedora 16
debian debian_linux 5.0
fedoraproject fedora 15
CVE-2011-4634 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.6.0
phpmyadmin phpmyadmin 3.4.7.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-4780 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.6.0
phpmyadmin phpmyadmin 3.4.7.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.8.0
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2011-4782 MEDIUM

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.6.0
phpmyadmin phpmyadmin 3.4.7.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.8.0
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2012-1190 MEDIUM

Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.7.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.8.0
phpmyadmin phpmyadmin 3.4.7.1
phpmyadmin phpmyadmin 3.4.9.0
phpmyadmin phpmyadmin 3.4.10.0
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.6.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.7
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2012-1902 MEDIUM

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.7.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.4.8.0
phpmyadmin phpmyadmin 3.4.7.1
phpmyadmin phpmyadmin 3.4.9.0
phpmyadmin phpmyadmin 3.4.10.0
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.4.10.1
phpmyadmin phpmyadmin 3.4.6.0
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.0.0
CVE-2013-1937 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin *
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.2.0
phpmyadmin phpmyadmin 3.5.6
CVE-2013-3238 MEDIUM

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-3239 MEDIUM

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-3240 MEDIUM

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.0
CVE-2013-3241 MEDIUM

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.0
CVE-2013-3742 LOW

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2013-4729 MEDIUM

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2013-4995 LOW

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-4996 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-4997 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-4998 MEDIUM

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-4999 MEDIUM

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.0
CVE-2013-5000 MEDIUM

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-5001 LOW

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.0
CVE-2013-5002 LOW

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-5003 MEDIUM

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2013-5029 MEDIUM

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 4.0.3
opensuse opensuse 12.2
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.8
opensuse opensuse 12.3
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.8.2
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.5.2.0
CVE-2014-1879 LOW

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 1.1
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 1.2.7
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 1.2.8
phpmyadmin phpmyadmin 1.3
phpmyadmin phpmyadmin 3.4.0.0
phpmyadmin phpmyadmin 1.2.5
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 2.11.10.1
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 1.0.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 3.4.7.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 3.3.9.2
phpmyadmin phpmyadmin 1.0.5
phpmyadmin phpmyadmin 1.2.1
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.4.3.2
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.9.1
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 1.2
phpmyadmin phpmyadmin 3.4.10.1
phpmyadmin phpmyadmin 1.0.7
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 3.5.8.1
phpmyadmin phpmyadmin 3.3.8.1
phpmyadmin phpmyadmin 1.2.2
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 1.2.9.3
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 3.5.2.0
phpmyadmin phpmyadmin 3.3.10.0
phpmyadmin phpmyadmin 3.4.7.0
phpmyadmin phpmyadmin 1.2.9.5
phpmyadmin phpmyadmin 3.4.10.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 1.0.8
phpmyadmin phpmyadmin 3.4.10.0
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.4.5.0
phpmyadmin phpmyadmin 3.4.2.0
phpmyadmin phpmyadmin 3.4.3.0
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 1.0.1
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 3.4.4.0
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 1.2.9
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 1.0.4
phpmyadmin phpmyadmin 1.0.6
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 1.2.9.4
phpmyadmin phpmyadmin 3.4.3.1
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 1.0.2
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 3.5.8.2
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 3.4.8.0
phpmyadmin phpmyadmin 1.2.3
phpmyadmin phpmyadmin 1.2.9.2
phpmyadmin phpmyadmin 1.2.6
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 3.4.6.0
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin *
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 1.0.0
phpmyadmin phpmyadmin 1.2.9.1
phpmyadmin phpmyadmin 1.2.4
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 3.4.9.0
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 3.4.1.0
phpmyadmin phpmyadmin 3.3.9.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 3.4.11
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 3.3.4.0
CVE-2014-4348 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.1
CVE-2014-4349 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.6
CVE-2014-4954 LOW

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.1
CVE-2014-4955 LOW

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.10.0
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.1.6
CVE-2014-4986 LOW

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.10.0
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.1.6
CVE-2014-4987 MEDIUM

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.4
opensuse opensuse 12.3
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.1.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.1.6
CVE-2014-5273 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.1.6
CVE-2014-5274 LOW

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.1.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.4
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.1.6
CVE-2014-6300 MEDIUM

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.4
opensuse opensuse 12.3
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
CVE-2014-7217 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.1.14.4
CVE-2014-8326 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.1.14.4
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.10.0
phpmyadmin phpmyadmin 4.1.14.5
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2014-8958 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.14.6
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.1.14.4
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.14.5
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2014-8959 MEDIUM

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.1.14.6
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.1.14.4
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.0.10.0
phpmyadmin phpmyadmin 4.1.14.5
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
opensuse opensuse 12.3
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2014-8960 LOW

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.14.5
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.14.6
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.1.14.4
phpmyadmin phpmyadmin 4.2.11
CVE-2014-8961 MEDIUM

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.14.5
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.4
opensuse opensuse 12.3
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.1.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.14.6
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.1.14.2
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.1.14.4
phpmyadmin phpmyadmin 4.2.11
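CVE-2014-8961 above and CVE-2016-5098 further down are the same bug class in the same file: a user-supplied path reaches the filesystem before it has been confined to the directory it is supposed to name, so the error-reporting code's behaviour (a line count, or an error that only fires for existing files) leaks information about arbitrary files. The check below is an added example written for this page in Python, not phpMyAdmin's own code; the report directory, the file names and the probes are constructed for the demo. The point it makes is that the containment check must happen on the resolved path and before any file access, so that a traversal attempt gets the same answer whether or not the target exists.

```python
import os
import tempfile


def resolve_under(base_dir: str, requested: str) -> str:
    """Return the real path of 'requested' only if it stays inside base_dir.
    Raises before touching the file, so the caller cannot learn whether it exists."""
    base = os.path.realpath(base_dir)
    # realpath neutralises ../ sequences and absolute requests, and resolves
    # symlinks, so a link inside base_dir that points outside is caught as well.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows: certainly not inside
        inside = False
    if not inside:
        raise PermissionError("requested path is outside the report directory")
    return candidate


def line_count(base_dir: str, requested: str) -> int:
    """The kind of operation error_report.lib.php performed on the named file."""
    with open(resolve_under(base_dir, requested), "rb") as fh:
        return sum(1 for _ in fh)


def probe(base_dir: str, requested: str):
    """What a remote caller gets back for a given request value."""
    try:
        return line_count(base_dir, requested)
    except PermissionError:
        return "rejected"
    except FileNotFoundError:
        return "not found"


def demo() -> dict:
    """Constructed layout: a report directory with one file, and a sibling directory
    holding a file the caller must not be able to learn anything about."""
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as outside:
        os.mkdir(os.path.join(base, "js"))
        with open(os.path.join(base, "js", "functions.js"), "w") as fh:
            fh.write("line1\nline2\nline3\n")
        with open(os.path.join(outside, "secret.txt"), "w") as fh:
            fh.write("top secret\n")
        escape = os.path.join("..", os.path.basename(outside))
        return {
            "inside, exists": probe(base, "js/functions.js"),
            "inside, missing": probe(base, "js/missing.js"),
            # Both traversal probes get the identical answer: no existence oracle.
            "traversal to existing file": probe(base, os.path.join(escape, "secret.txt")),
            "traversal to missing file": probe(base, os.path.join(escape, "nope.txt")),
            "absolute path": probe(base, "/etc/passwd"),
        }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

Using `os.path.commonpath` rather than a string prefix test matters: with a prefix test, a directory named `reports-old` next to `reports` would pass as "inside" `reports`.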
CVE-2014-9218 MEDIUM

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.1.14
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.1.4
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.1.0
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.1.14.6
phpmyadmin phpmyadmin 4.2.12
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.1.12
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.1.3
phpmyadmin phpmyadmin 4.1.13
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.1.2
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.1.14.1
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.1.6
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.1.5
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.1.9
phpmyadmin phpmyadmin 4.1.7
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.1.10
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.1.1
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.1.11
phpmyadmin phpmyadmin 4.1.14.3
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.1.8
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
phpmyadmin phpmyadmin 4.2.13
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2014-9219 MEDIUM

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.2.12
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
phpmyadmin phpmyadmin 4.2.13
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.2.11
CVE-2015-2206 MEDIUM

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.2.8.1
phpmyadmin phpmyadmin 4.3.2
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.3.7
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.2.12
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.2.10
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.3.6
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.3.11
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.3.3
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.3.5
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.2.8
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.3.0
phpmyadmin phpmyadmin 4.2.7.1
fedoraproject fedora 20
phpmyadmin phpmyadmin 4.3.1
phpmyadmin phpmyadmin 4.2.9
phpmyadmin phpmyadmin 4.3.8
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.2.13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.0.10.4
fedoraproject fedora 21
phpmyadmin phpmyadmin 4.3.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
phpmyadmin phpmyadmin 4.2.13
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.3.4
phpmyadmin phpmyadmin 4.2.6
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.3.9
phpmyadmin phpmyadmin 4.0.0
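The BREACH condition in CVE-2015-2206 is worth seeing end to end. A secret (the CSRF token in a hidden form field) and attacker-controlled text (the invalid language value echoed in the error) share one HTTP-compressed response, so DEFLATE's back-references make the response shorter whenever the echoed text matches the secret, and the response size becomes an oracle. The following Python is an added example written for this page, not phpMyAdmin code: the HTML, the token and the attacker's guessing loop are constructed, and the toy server pins fixed Huffman coding (zlib's `Z_FIXED` strategy) so that the sizes are deterministic. A real server's dynamic Huffman tables add noise, which attackers average away with repeated requests; the byte-rounding problem, however, is real and is handled here the way the attack handles it, by varying the alignment of the bit stream.

```python
import zlib

# Attacker's guessing alphabet: phpMyAdmin CSRF tokens are hex strings.
HEX_DIGITS = b"0123456789abcdef"

# Tie-breaking filler: eight distinct bytes from 0x90 upward. The fixed Huffman table
# codes bytes 144..255 as 9-bit literals, so each extra filler byte shifts the DEFLATE
# bit stream by one bit modulo 8 and defeats byte-granularity rounding of the size.
FILLER = bytes(range(0x90, 0x98))


def render_error_page(token: bytes, lang: bytes) -> bytes:
    """Constructed stand-in for the unknown-language error page: the CSRF token sits
    in a hidden field and the attacker-chosen lang value is reflected in the same body."""
    return (
        b'<html><body><form method="post">'
        b'<input type="hidden" name="token" value="' + token + b'"></form>'
        b'<p class="error">Unknown language: ' + lang + b'</p>'
        b'<p>Please select a valid language.</p></body></html>'
    )


def compressed_length(token: bytes, lang: bytes) -> int:
    """All the attacker observes: the size of the compressed response body."""
    # Z_FIXED pins fixed Huffman coding so the toy is deterministic (an assumption of
    # this demo; real servers choose dynamic tables, whose noise the attacker averages
    # out with repeated requests).
    comp = zlib.compressobj(level=6, strategy=zlib.Z_FIXED)
    return len(comp.compress(render_error_page(token, lang)) + comp.flush())


def breach_recover(oracle, token_len: int) -> bytes:
    """Recover the hidden token one hex digit at a time from response sizes alone."""
    known = b""
    for _ in range(token_len):
        scores = {}
        for c in HEX_DIGITS:
            guess = b'value="' + known + bytes([c])
            # The right digit lengthens the LZ77 back-reference into the real token
            # and saves 7-8 bits; summing over eight filler lengths exposes that in at
            # least seven of the eight byte-rounded sizes, whatever the alignment.
            scores[c] = sum(oracle(guess + FILLER[:n]) for n in range(8))
        known += bytes([min(scores, key=scores.get)])
    return known


def run_attack(token: bytes) -> bytes:
    """Point the attacker at a server holding token; returns what was recovered."""
    return breach_recover(lambda lang: compressed_length(token, lang), len(token))


if __name__ == "__main__":
    secret = b"9e107d9d372bb6826bd81d3542a419d6"  # constructed sample token
    print(run_attack(secret) == secret)
```

The guess is prefixed with `value="` so that the back-reference covers the field boundary as well as the token, which keeps the match unambiguous. The defences follow directly from the model: do not echo attacker input into a response that carries the token, do not compress such responses, or mask the token differently on every response so that no two responses contain the same secret bytes.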
CVE-2015-3902 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.3.2
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.3.7
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.2.12
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.3.6
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.3.11
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.3.3
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.3.5
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.2.13.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.3.0
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.3.13
phpmyadmin phpmyadmin 4.3.1
phpmyadmin phpmyadmin 4.3.8
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.2.13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.3.10
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.3.4
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.3.9
phpmyadmin phpmyadmin 4.3.12
phpmyadmin phpmyadmin 4.0.0
CVE-2015-3903 MEDIUM

libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.2.5
phpmyadmin phpmyadmin 4.3.2
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.3.7
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.2.12
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.3.6
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.3.11
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.2.0
phpmyadmin phpmyadmin 4.3.3
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.2.2
phpmyadmin phpmyadmin 4.2.10.1
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.3.5
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.2.11
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.2.13.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.3.0
phpmyadmin phpmyadmin 4.2.7.1
phpmyadmin phpmyadmin 4.3.13
phpmyadmin phpmyadmin 4.3.1
phpmyadmin phpmyadmin 4.3.8
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.2.13.1
phpmyadmin phpmyadmin 4.2.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.2.7
phpmyadmin phpmyadmin 4.3.10
phpmyadmin phpmyadmin 4.2.4
phpmyadmin phpmyadmin 4.2.9.1
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.2.3
phpmyadmin phpmyadmin 4.3.4
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.3.9
phpmyadmin phpmyadmin 4.3.12
phpmyadmin phpmyadmin 4.0.0
CVE-2015-6830 MEDIUM

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.3.2
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.3.0
phpmyadmin phpmyadmin 4.3.1
phpmyadmin phpmyadmin 4.3.8
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.3.7
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.3.13.1
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.3.10
phpmyadmin phpmyadmin 4.3.6
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.3.11
phpmyadmin phpmyadmin 4.3.3
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.3.4
phpmyadmin phpmyadmin 4.3.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.3.9
phpmyadmin phpmyadmin 4.3.12
phpmyadmin phpmyadmin 4.4.5
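CVE-2015-6830 is a state-machine flaw rather than a captcha weakness: the protection was meant to cost the attacker one captcha per credential guess, and a single verified response ended up covering every later guess. The model below is an added example in Python, not phpMyAdmin's code; the captcha service, the login flow and the word list are constructed, and the assumption that one captcha response verifies exactly once is stated in the code. It runs the same attacker, holding one solved captcha, against the flawed design and the corrected one.

```python
import hmac


class CaptchaService:
    """Constructed stand-in for the reCAPTCHA verification API: a response token
    verifies exactly once and is then spent (an assumption of this demo)."""

    def __init__(self):
        self._unspent = set()
        self._issued = 0

    def solve(self) -> str:
        """A human, or a solving service paid by the attacker, produces one valid response."""
        self._issued += 1
        response = f"captcha-response-{self._issued}"
        self._unspent.add(response)
        return response

    def verify(self, response: str) -> bool:
        if response in self._unspent:
            self._unspent.discard(response)
            return True
        return False


class LoginBase:
    def __init__(self, captcha: CaptchaService, real_password: str):
        self.captcha = captcha
        self._real_password = real_password
        self.session = {}

    def credentials_ok(self, password: str) -> bool:
        return hmac.compare_digest(self._real_password.encode(), password.encode())


class VulnerableLogin(LoginBase):
    """Models the flaw: one verified captcha is remembered in the session, so every
    later credential guess in that session skips the captcha entirely."""

    def attempt(self, password: str, captcha_response: str) -> str:
        if not self.session.get("captcha_passed"):
            if not self.captcha.verify(captcha_response):
                return "captcha_required"
            self.session["captcha_passed"] = True  # never cleared: this is the bypass
        return "ok" if self.credentials_ok(password) else "bad_credentials"


class FixedLogin(LoginBase):
    """Every credential guess must carry a captcha response that verifies right now;
    nothing about earlier captchas is cached in the session."""

    def attempt(self, password: str, captcha_response: str) -> str:
        if not self.captcha.verify(captcha_response):
            return "captcha_required"
        return "ok" if self.credentials_ok(password) else "bad_credentials"


def brute_force(login, wordlist, captcha_response: str):
    """Attacker holding exactly one solved captcha. Returns (password found or None,
    number of guesses the server actually checked against the credentials)."""
    checked = 0
    for candidate in wordlist:
        result = login.attempt(candidate, captcha_response)
        if result == "captcha_required":
            break
        checked += 1
        if result == "ok":
            return candidate, checked
    return None, checked


def demo(wordlist=("123456", "password", "letmein", "hunter2", "qwerty")) -> dict:
    """Run the single-captcha attack against both servers (constructed data)."""
    results = {}
    for login_class in (VulnerableLogin, FixedLogin):
        captcha = CaptchaService()
        login = login_class(captcha, real_password="hunter2")
        results[login_class.__name__] = brute_force(login, wordlist, captcha.solve())
    return results


if __name__ == "__main__":
    print(demo())
```

Against `VulnerableLogin` the whole word list is checked and the password falls on the fourth guess; against `FixedLogin` the attacker gets exactly one credential check per captcha solved, which is the cost the mechanism was supposed to impose.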
CVE-2015-7873 MEDIUM

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
CVE-2015-8669 MEDIUM

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-1927 MEDIUM

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,CWE-255,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-2038 MEDIUM

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.10.2
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.0
CVE-2016-2039 MEDIUM

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.10.2
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
fedoraproject fedora 24
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.0
CVE-2016-2040 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.10.2
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.0
CVE-2016-2041 MEDIUM

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.10.2
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.0
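CVE-2016-2039 and CVE-2016-2041 above are the two halves of a CSRF token's life: generating it and checking it. CVE-2016-1927 belongs to the same family on the generation side, a non-cryptographic PRNG (`Math.random`) used for a value that must be unguessable. The Python below is an added example for this page, not phpMyAdmin code. It models both defects with constructed data: a weak token scheme seeded from a guessable value, which the attacker replays by searching a window of seeds, and an early-exit comparison whose "bytes examined" count stands in for the time a remote attacker would measure. The constant-time comparison and the CSPRNG-based generator beside them are what the fixed versions amount to.

```python
import hmac
import random
import secrets


def naive_equal(expected: bytes, submitted: bytes):
    """Early-exit comparison, as a plain == or strcmp does it. Returns (equal, bytes
    examined); the second value is an idealised stand-in for the time the check takes."""
    if len(expected) != len(submitted):
        return False, 0
    for i, (x, y) in enumerate(zip(expected, submitted)):
        if x != y:
            return False, i + 1
    return True, len(expected)


def constant_time_equal(expected: bytes, submitted: bytes):
    """Same interface, but the work done never depends on where the inputs differ."""
    if len(expected) != len(submitted):
        return False, 0
    diff = 0
    for x, y in zip(expected, submitted):
        diff |= x ^ y
    return diff == 0, len(expected)


def recover_via_timing(oracle, length: int, alphabet: bytes = b"0123456789abcdef") -> bytes:
    """Extend a matching prefix one byte at a time: the candidate that keeps the server
    comparing longest is the right one. Against a constant-time check every candidate
    scores the same and the loop degenerates to the first alphabet byte each time."""
    known = b""
    for pos in range(length):
        def score(c):
            guess = known + bytes([c]) + b"0" * (length - pos - 1)
            return oracle(guess)  # (equal, examined): equality breaks the final tie
        known += bytes([max(alphabet, key=score)])
    return known


def weak_token(seed: int) -> str:
    """Constructed weak scheme: 128 bits from a Mersenne Twister seeded with something
    guessable such as the login time. Same defect class as Math.random() for passwords."""
    return "%032x" % random.Random(seed).getrandbits(128)


def recover_weak_token_seed(token: str, approx_time: int, window: int):
    """An attacker who knows roughly when the token was issued replays the generator."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_token(seed) == token:
            return seed
    return None


def new_token() -> str:
    """Generation done right: 128 bits from the OS CSPRNG, as hex."""
    return secrets.token_hex(16)


def check_token(expected: str, submitted: str) -> bool:
    """Checking done right: constant-time comparison of the token in the session
    against the one in the request."""
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    t = b"3b0f5c9d8e7a6b4c2d1e0f9a8b7c6d5e"  # constructed sample token
    print(recover_via_timing(lambda g: naive_equal(t, g), len(t)) == t)
    print(recover_via_timing(lambda g: constant_time_equal(t, g), len(t)) == t)
    print(recover_weak_token_seed(weak_token(1700000030), 1700000000, 60))
```

The examined-bytes oracle is an idealisation: over a network the attacker sees timing with jitter and needs many samples per candidate and some statistics, which is why these bugs are rated as making a bypass "easier" rather than trivial. The fix removes the signal at the source rather than trying to add noise, and `hmac.compare_digest` is the standard-library way to do that.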
CVE-2016-2042 MEDIUM

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.4.11
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.5.2
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-2043 LOW

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.4.11
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.5.2
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-2044 MEDIUM

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.5.0.2
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.5.3
CVE-2016-2045 LOW

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fedoraproject fedora 22
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.5.0.2
fedoraproject fedora 23
phpmyadmin phpmyadmin 4.5.3
CVE-2016-2559 LOW

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.4
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.5.4.1
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.5.3.1
phpmyadmin phpmyadmin 4.5.5
phpmyadmin phpmyadmin 4.5.3
CVE-2016-2560 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.5.4.1
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.5.3.1
phpmyadmin phpmyadmin 4.5.5
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.5.4
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-2561 LOW

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.5.4
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.5.4.1
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.5.3.1
phpmyadmin phpmyadmin 4.5.5
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-2562 MEDIUM

The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.5.4
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.5.4.1
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.5.3.1
phpmyadmin phpmyadmin 4.5.5
phpmyadmin phpmyadmin 4.5.3
CVE-2016-4412 LOW

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.

CVSS 2.0

Severity: LOW

Problem Type: CWE-254

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5097 MEDIUM

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
opensuse opensuse 13.1
CVE-2016-5098 MEDIUM

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
opensuse opensuse 13.1
CVE-2016-5099 MEDIUM

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-5701 MEDIUM

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5702 MEDIUM

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
CVE-2016-5703 HIGH

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-5704 MEDIUM

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
CVE-2016-5705 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-5706 MEDIUM

js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5730 MEDIUM

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5731 MEDIUM

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5732 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
CVE-2016-5733 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5734 HIGH

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-5739 MEDIUM

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
opensuse leap 42.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
opensuse opensuse 13.1
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6606 MEDIUM

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same, but the attacker cannot directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200, CWE-310

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6607 MEDIUM

XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6608 MEDIUM

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
CVE-2016-6609 MEDIUM

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6610 MEDIUM

A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6611 MEDIUM

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6612 MEDIUM

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6613 LOW

An issue was discovered in phpMyAdmin. A user who can create a symlink on disk can point it at a file that phpMyAdmin is permitted to read but the user is not; phpMyAdmin will then expose the contents of that file to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6614 MEDIUM

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
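
The following is an added example, not phpMyAdmin's own code, that reconstructs in simplified form the %u substitution CVE-2016-6614 describes for $cfg['SaveDir'] and $cfg['UploadDir'], and places a hardened version next to it. The configured directory, the user names and the function names are assumptions made for the example; the hardened version sanitizes the user name to a single path component and then verifies, lexically, that the resolved path is still under the administrator's base directory.

```php
<?php
// Added example, not phpMyAdmin code: a simplified reconstruction of the
// %u substitution that $cfg['SaveDir'] and $cfg['UploadDir'] perform
// (CVE-2016-6614), next to a version that keeps the result under the
// administrator's base directory. Paths and user names are constructed.
declare(strict_types=1);

// Vulnerable pattern: the MySQL user name replaces %u unchanged, so a
// user named "../../../../etc" walks out of the base directory.
function userDirUnsafe(string $configuredDir, string $username): string
{
    return str_replace('%u', $username, $configuredDir);
}

// Layer 1: reduce the user name to one safe path component.
function sanitizeComponent(string $username): string
{
    $safe = preg_replace('/[^A-Za-z0-9_.-]/', '_', $username);
    // "." and ".." (or any run of dots) are still special: neutralize them.
    if ($safe === null || $safe === '' || trim($safe, '.') === '') {
        $safe = '_';
    }
    return $safe;
}

// Lexical normalization of an absolute path ("." and ".." removed) without
// touching the file system, so it works before the directory exists.
function normalizePath(string $path): string
{
    $parts = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return '/' . implode('/', $parts);
}

// Layer 2: after substitution, verify the result is the base directory
// itself or a descendant of it. Returns null when it is not.
function userDirSafe(string $configuredDir, string $username): ?string
{
    $marker = strpos($configuredDir, '%u');
    $base = normalizePath($marker === false ? $configuredDir : substr($configuredDir, 0, $marker));
    $candidate = normalizePath(str_replace('%u', sanitizeComponent($username), $configuredDir));

    $prefix = $base === '/' ? '/' : $base . '/';
    if ($candidate !== $base && strpos($candidate, $prefix) !== 0) {
        return null;
    }
    return $candidate;
}

$configured = '/var/lib/phpmyadmin/upload/%u';   // assumed config value
$attacker   = '../../../../etc';                  // constructed user name

var_dump(userDirUnsafe($configured, $attacker));  // leaves the base directory
var_dump(userDirSafe($configured, $attacker));    // sanitized, stays under the base
var_dump(userDirSafe($configured, 'alice'));
```

The sanitizer alone already defeats the traversal in this scenario; the containment check is kept as a second layer so that a later relaxation of the character set cannot silently reopen it. Relative configured directories and Windows path separators are out of scope for this example.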
CVE-2016-6615 MEDIUM

XSS issues were discovered in phpMyAdmin. They affect the navigation pane and the database/table hiding feature (a specially crafted database name can be used to trigger an XSS attack), the "Tracking" feature (a specially crafted query can be used to trigger an XSS attack), and the GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-6616 MEDIUM

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-6617 MEDIUM

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
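
CVE-2016-6611 and CVE-2016-6617 above both concern a crafted database or table name reaching SQL built by the export code. The block below is an added example, not phpMyAdmin's own code, showing the general fix for that class of bug: a name used as an identifier cannot be bound as a prepared-statement parameter, so it has to be quoted as an identifier, with backticks around it and every embedded backtick doubled. The function names and the attacker-chosen table name are constructed for the example.

```php
<?php
// Added example, not phpMyAdmin code: quoting MySQL identifiers that come
// from untrusted metadata (database and table names), the surface of
// CVE-2016-6611 and CVE-2016-6617. Identifiers cannot be bound as
// prepared-statement parameters, so they must be quoted as identifiers:
// wrapped in backticks with every embedded backtick doubled.
declare(strict_types=1);

// Vulnerable pattern: the names are interpolated verbatim, so a name
// containing a backtick closes the identifier and the rest becomes SQL.
function buildExportQueryUnsafe(string $db, string $table): string
{
    return "SELECT * FROM `$db`.`$table`";
}

// Hardened pattern: quote each name as one identifier. Inside a quoted
// MySQL identifier the only escape is a doubled backtick, so the result is
// a single identifier whatever the input contains.
function backquote(string $identifier): string
{
    return '`' . str_replace('`', '``', $identifier) . '`';
}

function buildExportQuerySafe(string $db, string $table): string
{
    return 'SELECT * FROM ' . backquote($db) . '.' . backquote($table);
}

// Optional stricter gate: MySQL limits identifiers to 64 characters,
// forbids NUL, and forbids a trailing space. Reject early rather than
// relying on quoting alone.
function isPlausibleIdentifier(string $identifier): bool
{
    return $identifier !== ''
        && strlen($identifier) <= 64
        && strpos($identifier, "\0") === false
        && substr($identifier, -1) !== ' ';
}

// Constructed attacker-controlled table name: it closes the backtick
// and appends a second statement.
$evilTable = 'x`; DROP TABLE users; -- ';

echo buildExportQueryUnsafe('app', $evilTable), PHP_EOL;
echo buildExportQuerySafe('app', $evilTable), PHP_EOL;
var_dump(isPlausibleIdentifier($evilTable));
```

Run with the PHP CLI: the unsafe builder emits the attacker's DROP statement as part of the query text, while the hardened builder emits one identifier, `x``; DROP TABLE users; -- `, that names a (non-existent) table and nothing more. Values, as opposed to identifiers, should still go through prepared statements; identifier quoting is only for the parts of a statement that cannot be parameterized.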
CVE-2016-6618 MEDIUM

An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6619 MEDIUM

An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6620 HIGH

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
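
CVE-2016-6620 above turns on a PHP-specific behaviour: unserialize() instantiates whatever class the input names, and if that class (already loaded, or reachable through an autoloader) has a magic method with side effects, the attacker chooses the object's properties and therefore what the side effect does. The block below is an added example, not phpMyAdmin's own code: AuditLogger is a constructed stand-in for such a "gadget" class (its file write is simulated), and the two hardened restore functions show the options a maintainer has, the allowed_classes option of unserialize() if the serialized format must stay, or a data-only format such as JSON.

```php
<?php
// Added example, not phpMyAdmin code: why unserialize() on attacker-
// controlled input leads to code execution (CVE-2016-6620) and how to
// close it. AuditLogger is a constructed stand-in for any autoloadable
// class with a side-effecting magic method; the side effect is simulated.
declare(strict_types=1);

final class GadgetTrace
{
    // Records what __destruct() would have written: [path, content].
    public static $writes = [];
}

class AuditLogger
{
    public $logFile = '/tmp/audit.log';
    public $entry = '';

    // The gadget: unserialize() creates the object with attacker-chosen
    // properties, and PHP runs __destruct() when it is freed, so the
    // attacker picks both the path and the content of the write.
    public function __destruct()
    {
        GadgetTrace::$writes[] = [$this->logFile, $this->entry];
        // A real gadget would do: file_put_contents($this->logFile, $this->entry);
    }
}

// Vulnerable: trusts the input; objects of any loaded or autoloadable
// class are instantiated.
function restoreUnsafe(string $data)
{
    return unserialize($data);
}

// Hardened, if the serialized format has to stay: forbid objects. They
// come back as __PHP_Incomplete_Class, whose magic methods never run.
function restoreNoObjects(string $data)
{
    return unserialize($data, ['allowed_classes' => false]);
}

// Preferred: a data-only format, so classes are not in play at all.
function restoreJson(string $data)
{
    return json_decode($data, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed attacker payload: an AuditLogger aimed at the web root.
$payload = 'O:11:"AuditLogger":2:{s:7:"logFile";s:23:"/var/www/html/shell.php";s:5:"entry";s:5:"pwned";}';

$obj = restoreUnsafe($payload);
unset($obj);                                   // __destruct() fires here
printf("unsafe: %d simulated write(s)\n", count(GadgetTrace::$writes));

$safe = restoreNoObjects($payload);
printf("hardened: class=%s\n", is_object($safe) ? get_class($safe) : gettype($safe));
unset($safe);                                  // no destructor runs
printf("hardened: %d simulated write(s) in total\n", count(GadgetTrace::$writes));

try {
    restoreJson($payload);
} catch (JsonException $e) {
    printf("json: rejected (%s)\n", $e->getMessage());
}
```

Requires PHP 7.3 or later for JSON_THROW_ON_ERROR. The trace shows one simulated write after the unsafe restore and none added by the hardened one; an allow-list of specific class names is also possible through allowed_classes, but a data-only format removes the gadget problem entirely, which is why it is listed as the preferred option.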
CVE-2016-6621 MEDIUM

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.4.15.9
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.6.5
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin *
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-6622 MEDIUM

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6623 MEDIUM

An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6624 MEDIUM

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
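
CVE-2016-6624 above describes an IP allow-list that decided correctly for the proxy but not for the client behind it when IPv6 was involved. The block below is an added example, not phpMyAdmin's own code, of the two checks that have to be right for such a rule set: the forwarded header is honoured only when the TCP peer is a listed proxy, and address matching is done on the packed binary form so IPv4 and IPv6 are handled uniformly. The configuration shape (CIDR keys mapping to a header name) and all addresses are assumptions for the example; phpMyAdmin's own TrustedProxies and AllowDeny settings are only loosely mirrored.

```php
<?php
// Added example, not phpMyAdmin code: an IP allow-list check that handles
// IPv6 and a trusted reverse proxy correctly, the area of CVE-2016-6624.
// Config arrays only loosely mirror phpMyAdmin's TrustedProxies and
// AllowDeny settings; names and addresses are assumptions.
declare(strict_types=1);

// True when $ip lies inside $cidr. Works for IPv4 and IPv6 by comparing
// packed binary addresses, which sidesteps textual-form pitfalls (upper
// and lower case hex, zero compression, ::ffff: mapped IPv4).
function cidrMatch(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // malformed, or an IPv4 address against an IPv6 rule: never match
    }
    $maxBits = strlen($ipBin) * 8;
    $bits = $bits === null ? $maxBits : (int) $bits;
    if ($bits < 0 || $bits > $maxBits) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

// Resolve the effective client address. The forwarded header is used only
// when the TCP peer is itself a listed proxy; otherwise anyone could spoof
// it. Only the last element, the one appended by the trusted proxy, counts.
function effectiveClientIp(string $remoteAddr, array $headers, array $trustedProxies): string
{
    foreach ($trustedProxies as $proxyCidr => $headerName) {
        if (cidrMatch($remoteAddr, $proxyCidr) && isset($headers[$headerName])) {
            $chain = array_map('trim', explode(',', $headers[$headerName]));
            $candidate = end($chain);
            if ($candidate !== false && @inet_pton($candidate) !== false) {
                return $candidate;
            }
        }
    }
    return $remoteAddr;
}

function isAllowed(string $clientIp, array $allowRules): bool
{
    foreach ($allowRules as $cidr) {
        if (cidrMatch($clientIp, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed scenario: the proxy sits in the allowed range, the real
// client does not. The decision must be made on the client, not the proxy.
$trustedProxies = ['2001:db8:1::/64' => 'X-Forwarded-For'];
$allowRules     = ['2001:db8:1::/64', '192.0.2.0/24'];

$remoteAddr = '2001:db8:1::10';                            // the proxy
$headers    = ['X-Forwarded-For' => '2001:DB8:FFFF::beef']; // the attacker, as seen by the proxy

$client = effectiveClientIp($remoteAddr, $headers, $trustedProxies);
printf("peer %s allowed: %s\n", $remoteAddr, isAllowed($remoteAddr, $allowRules) ? 'yes' : 'no');
printf("client %s allowed: %s\n", $client, isAllowed($client, $allowRules) ? 'yes' : 'no');
```

The peer check on its own says "allowed" because the proxy is in range; the client check says "no", which is the answer the rules intended. Deployments where the proxy is not the direct TCP peer (a chain of proxies) need every hop listed as trusted and the header walked from the right, one element per trusted hop.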
CVE-2016-6625 MEDIUM

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6626 MEDIUM

An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6627 MEDIUM

An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6628 MEDIUM

An issue was discovered in phpMyAdmin. An attacker may be able to cause a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6629 HIGH

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way that bypasses the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6630 MEDIUM

An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6631 HIGH

An issue was discovered in phpMyAdmin. A user can achieve remote code execution against a server when phpMyAdmin is run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6632 MEDIUM

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-6633 MEDIUM

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9847 MEDIUM

An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. The way this value is generated uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9848 MEDIUM

An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9849 HIGH

An issue was discovered in phpMyAdmin. It is possible to bypass the AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and the deny rules for a username by using a null byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9850 MEDIUM

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may produce wrong matches, and may allow the username in a rule to be detected, because the comparison does not run in constant time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9851 MEDIUM

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5) and 4.4.x versions (prior to 4.4.15.9) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-9852 MEDIUM

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5) and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-9853 MEDIUM

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5) and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-9854 MEDIUM

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5) and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-9855 MEDIUM

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5) and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
CVE-2016-9856 MEDIUM

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9857 MEDIUM

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9858 MEDIUM

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in the saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9859 MEDIUM

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in the import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9860 MEDIUM

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9861 MEDIUM

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9862 MEDIUM

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
CVE-2016-9863 MEDIUM

An issue was discovered in phpMyAdmin. With a very large request to the table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
CVE-2016-9864 MEDIUM

An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9865 HIGH

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by the PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,CWE-502,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2016-9866 MEDIUM

An issue was discovered in phpMyAdmin. When arg_separator is set to something other than its default value of &, the CSRF token is not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2017-1000013 MEDIUM

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.10.18
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.9
phpmyadmin phpmyadmin 4.6.5
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2017-1000014 MEDIUM

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DoS weakness in the table editing functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.10.18
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.9
phpmyadmin phpmyadmin 4.6.5
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2017-1000015 MEDIUM

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.0.10.16
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15.7
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.17
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.0.10.18
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.15.9
phpmyadmin phpmyadmin 4.6.5
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.4.15.8
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.0.10.15
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.0
CVE-2017-1000016 MEDIUM

A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.6.5.2
phpmyadmin phpmyadmin 4.6.3
phpmyadmin phpmyadmin 4.6.5
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.4
phpmyadmin phpmyadmin 4.6.5.1
CVE-2017-1000017 MEDIUM

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2017-1000018 MEDIUM

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DoS attack in the replication status by using a specially crafted table name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2017-1000499 MEDIUM

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2017-18264 HIGH

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
phpmyadmin phpmyadmin 4.7.0
debian debian_linux 8.0
CVE-2018-10188 MEDIUM

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 4.8.0
CVE-2018-12581 MEDIUM

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2018-12613 MEDIUM

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2018-15605 MEDIUM

An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2018-19968 MEDIUM

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
debian debian_linux 8.0
CVE-2018-19969 MEDIUM

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2018-19970 MEDIUM

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
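
Both this entry and the js/designer/move.js entry at the top of this section are the same pattern: a database or table name, which any user with CREATE privilege controls, is rendered into a page without escaping for the context it lands in. The Python below is an added example for this page, not phpMyAdmin's code; the crafted name and the markup shapes are constructed for illustration. It shows the two contexts that matter here: an HTML element/attribute (the navigation tree) and a JavaScript string literal (a name handed to client-side designer script), which need different encoders.

```python
import html
import json

# Constructed crafted name for the example; not a payload taken from the advisories.
CRAFTED_DB = 'shop"><script>alert(document.cookie)</script>'


def nav_tree_item_unsafe(db_name: str) -> str:
    """Name interpolated straight into HTML: the crafted value closes the
    attribute and the element, then injects its own element."""
    return f'<li data-db="{db_name}">{db_name}</li>'


def nav_tree_item_safe(db_name: str) -> str:
    """HTML element and attribute context: escape & < > " ' (quote=True)."""
    safe = html.escape(db_name, quote=True)
    return f'<li data-db="{safe}">{safe}</li>'


def js_string_literal(value: str) -> str:
    """JavaScript string-literal context, e.g. a name handed to inline script.
    json.dumps yields a quoted, backslash-escaped literal but leaves < > &
    untouched, so a '</script>' inside the value would still terminate the
    enclosing script block; encode those, plus U+2028/U+2029, which are legal
    raw inside JSON strings but are line terminators in JavaScript."""
    literal = json.dumps(value, ensure_ascii=False)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        literal = literal.replace(ch, esc)
    return literal


def js_literal_roundtrip(value: str) -> str:
    """Self-check: the encoded literal still decodes to the original name."""
    return json.loads(js_string_literal(value))


def designer_script_safe(db_name: str) -> str:
    """Inline script that hands the name to the client side safely."""
    return f"<script>var designerDb = {js_string_literal(db_name)};</script>"


if __name__ == "__main__":
    print(nav_tree_item_unsafe(CRAFTED_DB))
    print(nav_tree_item_safe(CRAFTED_DB))
    print(designer_script_safe(CRAFTED_DB))
```

The practical check when reviewing a fix for this class is to ask, for every place a name is written out, which context it is in; HTML escaping a value that is then dropped into a script block, or JSON-encoding one that ends up in an attribute, leaves the hole open.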

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
debian debian_linux 8.0
CVE-2018-7260 LOW

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2019-11768 HIGH

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2019-12616 MEDIUM

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
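
This entry and CVE-2018-19969 above describe the same weakness: a state-changing operation that the server performs on a request the browser was tricked into sending, whether via a clicked URL or a broken <img> tag. The Python below is an added example of the standard defence, written for this page and not taken from phpMyAdmin; the key, session identifier and action names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed for the example: a real deployment keeps this key out of source
# and rotates it together with the session store.
SERVER_KEY = secrets.token_bytes(32)

# Constructed action names standing in for the operations the advisories list.
STATE_CHANGING = {
    "rename_db", "create_table", "create_routine", "delete_designer_page",
    "add_user", "delete_user", "set_password", "kill_process",
    "sql_insert", "sql_delete",
}


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session by an HMAC. A page on another origin can
    make the browser send the victim's cookies, but cannot read or compute
    this value, so it cannot supply it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_valid_token(session_id: str, presented: Optional[str]) -> bool:
    if not presented or not presented.isascii():
        return False
    # Constant-time comparison: no timing side channel on the token.
    return hmac.compare_digest(csrf_token_for(session_id), presented)


def dispatch(method: str, action: str, params: dict, session_id: str) -> str:
    """Handler front door. Two rules defeat the crafted-link and broken-<img>
    vectors: a state change is never honoured on GET (an <img> src or a
    clicked link is always a GET), and a POST must carry the session's token."""
    if action in STATE_CHANGING:
        if method != "POST":
            return f"rejected: {action} not allowed over {method}"
        if not is_valid_token(session_id, params.get("token")):
            return f"rejected: {action} without a valid CSRF token"
    return f"ok: {action}"


if __name__ == "__main__":
    sid = "session-1234"  # constructed session identifier
    print(dispatch("GET", "sql_delete", {}, sid))
    print(dispatch("POST", "sql_delete", {"token": "guess"}, sid))
    print(dispatch("POST", "sql_delete", {"token": csrf_token_for(sid)}, sid))
```

The GET rule matters on its own: a token check that is only applied to POST handlers does nothing if the same operation is also reachable through a GET URL, which is exactly the "crafted URL" vector these two entries describe.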

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2019-12922 MEDIUM

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
CVE-2019-18622 HIGH

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
opensuse leap 15.0
opensuse backports_sle 15.0
fedoraproject fedora 30
opensuse leap 15.1
fedoraproject fedora 31
CVE-2019-19617 HIGH

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2019-6798 HIGH

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2019-6799 MEDIUM

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
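
The mechanism in this entry is a property of the MySQL client/server protocol rather than of phpMyAdmin: after a COM_QUERY, a server may answer with a LOCAL INFILE request packet (first payload byte 0xFB, followed by a file name), and a client that honours it reads that file from its own host and uploads it. The Python below is an added example for this page, not phpMyAdmin's or the MySQL client library's code; it models both sides of that exchange with constructed packets and a constructed in-memory file system, and shows the two client-side checks that correspond to the configuration named above (local infile off, as with the mysqli option and mysql.allow_local_infile) plus the stricter rule of only honouring a request for a LOAD DATA LOCAL statement the client itself issued.

```python
# MySQL packet framing: 3-byte little-endian payload length, 1-byte sequence id.
def mysql_packet(payload: bytes, seq: int) -> bytes:
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload


def rogue_server_response(filename: str) -> bytes:
    """What a hostile server answers to *any* COM_QUERY: a LOCAL INFILE request
    (first payload byte 0xFB, then the file name) naming a file on the CLIENT
    host. A client that honours it uploads that file's contents."""
    return mysql_packet(b"\xfb" + filename.encode(), seq=1)


# Constructed stand-in for the client host's file system.
FAKE_FS = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n"}


def client_reply(sent_query: str, server_packet: bytes, allow_local_infile: bool,
                 require_local_load_query: bool = True) -> bytes:
    """Bytes the client sends back for one server packet (b'' if it is an
    ordinary response). The two checks are the client-side defence: local
    infile disabled altogether, and, if it is enabled, only honour the
    request when the query the client itself sent was a LOAD DATA LOCAL."""
    length = int.from_bytes(server_packet[:3], "little")
    payload = server_packet[4:4 + length]
    if not payload or payload[0] != 0xFB:
        return b""
    filename = payload[1:].decode("utf-8", "replace")
    if not allow_local_infile:
        raise PermissionError(f"LOCAL INFILE request for {filename} refused: local infile disabled")
    if require_local_load_query and not sent_query.lstrip().upper().startswith("LOAD DATA LOCAL"):
        raise PermissionError(f"unsolicited LOCAL INFILE request for {filename} refused")
    data = FAKE_FS.get(filename, b"")
    seq = server_packet[3] + 1
    # File content packet(s) followed by an empty packet marking end of file.
    return mysql_packet(data, seq) + mysql_packet(b"", seq + 1)


def refuses(sent_query: str, server_packet: bytes, allow_local_infile: bool) -> bool:
    """True if the hardened client declines to upload anything."""
    try:
        client_reply(sent_query, server_packet, allow_local_infile)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    pkt = rogue_server_response("/etc/passwd")
    print("naive client uploads:", client_reply("SELECT 1", pkt, True, require_local_load_query=False))
    print("hardened client refuses:", refuses("SELECT 1", pkt, True))
```

The consequence for a deployment is the one the entry states: with AllowArbitraryServer enabled, the "server" the client talks to is attacker-chosen, so the client library's own refusal is the only control, and it has to be set for the connection actually used rather than assumed from php.ini.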

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
debian debian_linux 8.0
CVE-2020-10802 MEDIUM

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
suse package_hub -
opensuse backports_sle 15.0
fedoraproject fedora 30
opensuse leap 15.1
debian debian_linux 8.0
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2020-10803 LOW

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
suse package_hub -
opensuse backports_sle 15.0
fedoraproject fedora 30
opensuse leap 15.1
debian debian_linux 8.0
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2020-10804 MEDIUM

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
suse package_hub -
opensuse backports_sle 15.0
fedoraproject fedora 30
opensuse leap 15.1
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2020-11441 MEDIUM

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin 5.0.2
CVE-2020-22278 MEDIUM

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."
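
The vendor's position above is a fair one: an export that faithfully reproduces a cell beginning with "=" is doing its job, and the risk only materialises when a spreadsheet application later interprets that cell as a formula. The Python below is an added example for this page, not phpMyAdmin's export code, showing what an exporter that chooses to neutralise such cells does and what it costs; the sample rows are constructed. Numbers such as "-5" are deliberately left untouched so the export stays accurate for the common case.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (or, for TAB/CR, of a new cell) when a CSV file is opened.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def looks_numeric(text: str) -> bool:
    try:
        float(text)
    except ValueError:
        return False
    return True


def defuse_cell(value):
    """Prefix a would-be formula with a quote so spreadsheets show it as text.
    Plain numbers such as '-5' are left alone, which keeps the export faithful
    for the common case the vendor's objection is about."""
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS) and not looks_numeric(value):
        return "'" + value
    return value


def export_csv(rows, defuse: bool = True) -> str:
    """Quote every field; optionally neutralise formula-looking cells."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([defuse_cell(v) if defuse else v for v in row])
    return buf.getvalue()


# Constructed sample table: the second data row holds a formula-looking cell.
SAMPLE_ROWS = [
    ["id", "note"],
    [1, '=HYPERLINK("http://example.invalid","open")'],
    [2, "-5"],
    [3, "@sum"],
]


if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS, defuse=False))
    print(export_csv(SAMPLE_ROWS))
```

The trade-off is visible in the output: the defused file no longer round-trips to the original data, which is why this is usually offered as an export option rather than forced, and why the more robust control sits on the consuming side (opening untrusted CSV with formula evaluation disabled).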

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2020-22452

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2020-26934 MEDIUM

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
fedoraproject fedora 33
opensuse leap 15.2
opensuse backports_sle 15.0
debian debian_linux 9.0
opensuse leap 15.1
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2020-26935 HIGH

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
fedoraproject fedora 33
opensuse leap 15.2
opensuse backports_sle 15.0
debian debian_linux 9.0
opensuse leap 15.1
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2020-5504 MEDIUM

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
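
A recurring shape in this section is SQL built from a name the attacker controls: a crafted database or table name in the designer and search features (CVE-2019-11768, CVE-2019-18622, CVE-2020-10802, CVE-2020-26935), a crafted username (CVE-2019-6798, CVE-2020-10804 and this entry), and, in CVE-2020-22452, the tbl_storage_engine and tbl_collation parameters. The Python below is an added example for this page, not phpMyAdmin's code: it contrasts a naive backtick-wrapped name with proper identifier quoting, and shows that engine and collation are keywords that cannot be quoted and must be allowlisted instead. The in-memory SQLite database, table contents and crafted name are constructed; SQLite accepts MySQL-style backtick identifiers, which is what lets the example run offline.

```python
import sqlite3


def quote_identifier(name: str) -> str:
    """MySQL identifier quoting: wrap in backticks, double any embedded
    backtick. SQLite accepts the same syntax, which lets this run offline."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return "`" + name.replace("`", "``") + "`"


# Constructed allowlists; populate them from SHOW ENGINES / SHOW COLLATION
# on a real server rather than hard-coding.
KNOWN_ENGINES = {"InnoDB", "MyISAM", "MEMORY"}
KNOWN_COLLATIONS = {"utf8mb4_general_ci", "utf8mb4_bin", "latin1_swedish_ci"}


def build_create_table(table: str, engine: str, collation: str) -> str:
    """Storage engine and collation are bare keywords in CREATE TABLE, so no
    quoting helps; the only safe handling is exact allowlist matching."""
    if engine not in KNOWN_ENGINES:
        raise ValueError(f"unknown storage engine: {engine!r}")
    if collation not in KNOWN_COLLATIONS:
        raise ValueError(f"unknown collation: {collation!r}")
    return (f"CREATE TABLE {quote_identifier(table)} (id INT) "
            f"ENGINE={engine} COLLATE={collation}")


def table_options_rejected(engine: str, collation: str) -> bool:
    try:
        build_create_table("t", engine, collation)
    except ValueError:
        return True
    return False


def naive_rows(conn, table: str):
    """Backticks pasted around an unescaped name: a name containing a backtick
    closes the identifier early and the rest becomes SQL."""
    return conn.execute(f"SELECT name FROM `{table}`").fetchall()


def safe_rows(conn, table: str):
    return conn.execute(f"SELECT name FROM {quote_identifier(table)}").fetchall()


def demo():
    """Returns (rows the naive query leaks, rows the quoted query returns)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE secrets (secret TEXT);
        INSERT INTO secrets VALUES ('db-admin-password');
        CREATE TABLE t (name TEXT);
        INSERT INTO t VALUES ('public row');
    """)
    # Constructed crafted table name. Inside the naive query the closing
    # backtick written by the code finishes the `secrets` identifier for it.
    crafted = "t` UNION SELECT secret FROM `secrets"
    conn.execute(f"CREATE TABLE {quote_identifier(crafted)} (name TEXT)")
    conn.execute(f"INSERT INTO {quote_identifier(crafted)} VALUES ('row in crafted table')")
    return naive_rows(conn, crafted), safe_rows(conn, crafted)


if __name__ == "__main__":
    leaked, correct = demo()
    print("naive :", leaked)
    print("quoted:", correct)
    print(build_create_table("orders", "InnoDB", "utf8mb4_bin"))
```

Two points follow for review of fixes in this class. Identifier quoting is only correct if it also doubles embedded backticks; wrapping alone is the naive version. And a value that is neither an identifier nor a string literal (engine, collation, and similar keywords) has no quoting form at all, so the fix there is necessarily a comparison against what the server itself reports.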

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
debian debian_linux 8.0
suse suse_linux_enterprise_server 12
CVE-2022-0813 MEDIUM

phpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2022-23807 MEDIUM

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2022-23808 MEDIUM

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *
CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
phpmyadmin phpmyadmin *