Phpmyadmin: >> Phpmyadmin >> 1.2.5 Security Vulnerabilities
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
CVSS Score
5.4
EPSS Score
0.09
Published
2023-02-13
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-03-10
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-11-04
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
CVSS Score
9.8
EPSS Score
0.012
Published
2019-12-06
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-11-22
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
CVSS Score
6.5
EPSS Score
0.371
Published
2019-09-13
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-06-05
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
CVSS Score
6.5
EPSS Score
0.598
Published
2019-06-05
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-08-24
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-06-21
Page 1