phpmyadmin/phpmyadmin Security Advisories for 4.0.10.8 (43)
-
[MEDIUM] phpMyAdmin Cross-Site Request Forgery (CSRF)
PKSA-hjst-v1cr-6c68 CVE-2019-12922 GHSA-4c9q-64gq-xhx4
Affected version: <=4.9.0.1
Reported by:
GitHub -
[CRITICAL] phpMyAdmin unsanitized Git information
PKSA-2p6g-8fhm-wpz8 CVE-2019-19617 GHSA-pgph-mc4p-f8c3
Affected version: <4.9.2
Reported by:
GitHub -
[MEDIUM] phpMyAdmin CSRF Vulnerability
PKSA-61t2-8dhb-6pfx CVE-2019-12616 GHSA-mfr9-pcm3-6mwc
Affected version: <4.9.0
Reported by:
GitHub -
[CRITICAL] phpMyAdmin SQL injection in Designer feature
PKSA-qmwv-jdyx-shqc CVE-2019-11768 GHSA-x37v-98f9-mj32
Affected version: <4.9.0.1
Reported by:
GitHub -
[HIGH] phpMyAdmin Cryptographic Vulnerability
PKSA-dz54-yxz3-dv5t CVE-2016-1927 GHSA-4gmg-gwjh-3mmr
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.15.3|>=4.0.0,<4.0.10.13
Reported by:
GitHub -
[MEDIUM] phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention
PKSA-7qxh-bq5b-738p CVE-2016-6624 GHSA-mhxj-6vf8-mwv3
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin DoS Vulnerability
PKSA-6z55-t2ck-z9fr CVE-2016-6623 GHSA-2mcj-3r3r-v5wm
Affected version: >=4.0.0,<4.0.10.17|>=4.4.0,<4.4.15.8|>=4.6.0,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Local file exposure through symlinks with UploadDir
PKSA-7mp9-54n6-nkzd CVE-2016-6613 GHSA-6j2v-g9rg-qcm5
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Local file exposure
PKSA-vkh8-gfxc-r7wd CVE-2016-6612 GHSA-fcgm-62p3-f7cm
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin allows to detect if user is logged in
PKSA-h3k8-czvq-hx91 CVE-2016-6625 GHSA-r643-7xfg-ppc5
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[CRITICAL] phpMyAdmin Authentication Bypass
PKSA-1vh5-psjw-1dvs CVE-2016-6629 GHSA-567r-vqj7-5cw7
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Reflected File Download attack
PKSA-x3yd-1gnv-sc7c CVE-2016-6628 GHSA-phhm-63xx-v9rr
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Denial of service (DOS) attack with dbase extension
PKSA-4f5c-7vzq-htyq CVE-2016-6632 GHSA-426q-975p-w5cr
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[HIGH] phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension
PKSA-pm88-njqr-y8kt CVE-2016-6633 GHSA-p849-vf5f-f3x7
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Cryptographic Vulnerability
PKSA-gvqf-w79n-rz96 CVE-2016-9847 GHSA-9xhq-pm7v-693p
Affected version: >=4.0,<4.0.10.18|>=4.4,<4.4.15.9|>=4.6,<4.6.5
Reported by:
GitHub -
[MEDIUM] phpMyAdmin XSS Vulnerability
PKSA-v8kc-b1p4-xght CVE-2016-9857 GHSA-hmmx-wxh4-9w8w
Affected version: >=4.0,<4.0.10.18|>=4.4,<4.4.15.9|>=4.6,<4.6.5
Reported by:
GitHub -
[HIGH] phpMyAdmin Bypass white-list protection for URL redirection
PKSA-x2xc-v32b-kt2k CVE-2016-9861 GHSA-r326-mp8g-6xfc
Affected version: >=4.0,<4.0.10.18|>=4.4,<4.4.15.9|>=4.6,<4.6.5
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Denial of Service (DoS)
PKSA-bf24-j71w-mqh8 CVE-2016-9860 GHSA-3hw5-fffc-qrg4
Affected version: >=4.0,<4.0.10.18|>=4.4,<4.4.15.9|>=4.6,<4.6.5
Reported by:
GitHub -
[MEDIUM] phpMyAdmin XSS Vulnerability
PKSA-1jxh-86ff-458y CVE-2016-9856 GHSA-j8mx-x32r-5rf4
Affected version: >=4.0,<4.0.10.18|>=4.4,<4.4.15.9|>=4.6,<4.6.5
Reported by:
GitHub -
[CRITICAL] phpMyAdmin CSRF Vulnerability
PKSA-z89r-2bht-1vq7 CVE-2016-9866 GHSA-jvxx-8xxf-5495
Affected version: >=4.0.0,<4.0.10.18|>=4.4.0,<4.4.15.9|>=4.6.0,<4.6.5
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature
PKSA-62z7-y8f8-22d7 CVE-2018-7260 GHSA-gqmj-f46x-wqhw
Affected version: <4.7.8
Reported by:
GitHub -
[HIGH] phpMyAdmin PHP code injection
PKSA-2t2c-bjk2-4c6s CVE-2016-6609 GHSA-wpww-hx7x-xfjh
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin DoS Vulnerability
PKSA-vctg-1cxh-pgr3 CVE-2016-6622 GHSA-qf3f-7x69-qfv3
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Denial of service (DOS) attack in transformation feature
PKSA-4b46-ppj8-c2zj CVE-2016-6618 GHSA-rv6m-chvv-wmxg
Affected version: >=4.0,<4.0.10.17|>=4.4,<4.4.15.8|>=4.6,<4.6.4
Reported by:
GitHub -
[MEDIUM] phpMyAdmin XSS Vulnerability
PKSA-msvx-d7cx-mf9g CVE-2018-12581 GHSA-vxj6-pm6r-23hq
Affected version: <4.8.2
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Cross-site Scripting (XSS) in the import dialog
PKSA-pmch-sm6h-311v CVE-2018-15605 GHSA-c958-4j9x-q7w4
Affected version: <4.8.3
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Cross-site scripting (XSS) vulnerability
PKSA-gywz-99pp-k6bz CVE-2016-5731 GHSA-mwm8-36c5-j5cf
Affected version: >=4.6,<4.6.3|>=4.4,<4.4.15.7|>=4.0,<4.0.10.16
Reported by:
GitHub -
[MEDIUM] phpMyAdmin full path disclosure vulnerability
PKSA-4nt5-g6xp-h81t CVE-2016-5730 GHSA-wm9c-vcv2-vpqc
Affected version: >=4.6,<4.6.3|>=4.4,<4.4.15.7|>=4.0,<4.0.10.16
Reported by:
GitHub -
[HIGH] phpMyAdmin Denial Of Service (DOS) attack
PKSA-z9zd-82t3-9rmf CVE-2016-5706 GHSA-9rmm-8fp4-26hv
Affected version: >=4.6,<4.6.3|>=4.4,<4.4.15.7|>=4.0,<4.0.10.16
Reported by:
GitHub -
[MEDIUM] phpMyAdmin XSS Vulnerability
PKSA-xgk4-gw9r-4v7f CVE-2016-2040 GHSA-pw34-qf6c-84fc
Affected version: >=4.5,<4.5.4|>=4.4,<4.4.15.3|>=4.0,<4.0.10.13
Reported by:
GitHub -
[HIGH] phpMyAdmin Unsafe comparison of XSRF/CSRF token
PKSA-jm37-4ks3-2x1n CVE-2016-2041 GHSA-8m97-xc46-rw9w
Affected version: >=4.5,<4.5.4|>=4.4,<4.4.15.3|>=4.0,<4.0.10.13
Reported by:
GitHub -
[CRITICAL] phpMyAdmin SQL injection in Designer feature
PKSA-5cc2-rnnw-2491 CVE-2019-6798 GHSA-f732-fxh6-g4qj
Affected version: <4.8.5
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Open Redirect
PKSA-2brj-wg8s-54h3 CVE-2017-1000013 GHSA-5h5m-fj48-qpjw
Affected version: >=4.0,<4.0.10.19|>=4.4,<4.4.15.10|>=4.6,<4.6.6
Reported by:
GitHub -
[HIGH] phpMyAdmin DoS Vulnerability
PKSA-k1vn-wm94-9s36 CVE-2017-1000014 GHSA-9hrc-rwrq-v6mh
Affected version: >=4.0,<4.0.10.19|>=4.4,<4.4.15.10|>=4.6,<4.6.6
Reported by:
GitHub -
[HIGH] phpMyAdmin DoS Vulnerability
PKSA-fxmm-bnn8-k19c CVE-2017-1000018 GHSA-47qr-f86f-3wm4
Affected version: >=4.0,<4.0.10.19|>=4.4,<4.4.15.10|>=4.6,<4.6.6
Reported by:
GitHub -
[MEDIUM] phpMyAdmin CSS Injection Vulnerability
PKSA-1b48-4r8g-hxn7 CVE-2017-1000015 GHSA-3fgq-cmr4-97rr
Affected version: >=4.0.0,<4.0.10.19|>=4.4.0,<4.4.15.10|>=4.6.0,<4.6.6
Reported by:
GitHub -
[HIGH] phpMyAdmin SSRF in replication
PKSA-3cvz-xgn7-z2kr CVE-2017-1000017 GHSA-99xj-xqc9-98hr
Affected version: >=4.0,<4.0.10.19|>=4.4,<4.4.15.10|>=4.6,<4.6.6
Reported by:
GitHub -
[MEDIUM] phpMyAdmin Local file inclusion through transformation feature
PKSA-5fww-8bxv-yfvd CVE-2018-19968 GHSA-xc97-r49q-cxgc
Affected version: <4.8.4
Reported by:
GitHub -
[CRITICAL] phpMyAdmin Improper Privilege Management
PKSA-nc18-h7n9-wh32 CVE-2017-18264 GHSA-5868-g58j-vrj5
Affected version: >=4.6.0,<=4.6.6|>=4.4.0,<=4.4.15.10|>=4.7.0-beta1,<4.7.0|>=4.0,<4.0.10.20
Reported by:
GitHub -
[HIGH] Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
PKSA-k8s6-rmtq-6tb7 CVE-2022-0813 GHSA-vx8q-j7h9-vf6q
Affected version: <5.1.3
Reported by:
GitHub -
[MEDIUM] SQL injection relating to data display
PKSA-9124-v38k-n8zf CVE-2020-10803 GHSA-fcww-8wvc-38q9
Affected version: >=3.4,<4.9.5|>=5.0.0,<5.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] SQL injection in phpMyAdmin
PKSA-6rn5-4mpk-h6mx CVE-2019-18622 GHSA-jgjc-332c-8cmc
Affected version: <4.9.2
Reported by:
GitHub -
[HIGH] SQL injection in user accounts page
PKSA-vmz7-cxq6-3g2f CVE-2020-5504 GHSA-fgj8-93xx-f6g6
Affected version: >=4.0.0,<4.9.4|>=5.0.0,<5.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories