Vulnerabilities > Phpmyadmin

DATE	CVE	VULNERABILITY TITLE	RISK
2016-02-20	CVE-2016-2039	Information Exposure vulnerability in multiple products libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. network low complexity opensuse phpmyadmin fedoraproject CWE-200	5.3
2016-02-20	CVE-2016-2038	Information Exposure vulnerability in multiple products phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. network low complexity phpmyadmin fedoraproject opensuse CWE-200	5.3
2016-02-20	CVE-2016-1927	7PK - Security Features vulnerability in PHPmyadmin The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. network low complexity phpmyadmin CWE-254	7.5
2015-12-26	CVE-2015-8669	Information Exposure vulnerability in PHPmyadmin libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. network low complexity phpmyadmin CWE-200	5.3
2013-04-16	CVE-2013-1937	Cross-site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. network low complexity phpmyadmin CWE-79	6.1
2011-11-17	CVE-2011-4107	XXE vulnerability in multiple products The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. network low complexity phpmyadmin fedoraproject debian CWE-611	6.5
2009-03-26	CVE-2009-1151	Code Injection vulnerability in multiple products Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. network low complexity phpmyadmin debian CWE-94 critical	9.8
2008-03-31	CVE-2008-1567	Cleartext Storage of Sensitive Information vulnerability in multiple products phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. local low complexity phpmyadmin debian fedoraproject opensuse CWE-312	5.5

Vulnerabilities > Phpmyadmin {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpmyadmin"}]}

Vulnerabilities > Phpmyadmin