phpMyAdmin Security Vulnerabilities
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2017-07-17
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DoS weakness in the table editing functionality
CVSS Score: 7.5, EPSS Score: 0.011, Published: 2017-07-17
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
CVSS Score: 6.1, EPSS Score: 0.006, Published: 2017-07-17
A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
CVSS Score: 7.5, EPSS Score: 0.004, Published: 2017-07-17
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
CVSS Score: 8.8, EPSS Score: 0.008, Published: 2017-07-17
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DoS attack in the replication status by using a specially crafted table name
CVSS Score: 7.5, EPSS Score: 0.01, Published: 2017-07-17
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVSS Score: 8.6, EPSS Score: 0.003, Published: 2017-01-31
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVSS Score: 9.8, EPSS Score: 0.002, Published: 2016-12-11
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by the PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVSS Score: 9.8, EPSS Score: 0.007, Published: 2016-12-11
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVSS Score: 7.5, EPSS Score: 0.004, Published: 2016-12-11