Vulnerabilities > Phpmyadmin

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-19970 Cross-site Scripting vulnerability in multiple products
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
4.3
2018-12-11 CVE-2018-19969 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws.
6.8
2018-12-11 CVE-2018-19968 Information Exposure vulnerability in multiple products
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature.
network
low complexity
phpmyadmin debian CWE-200
4.0
2018-08-24 CVE-2018-15605 Cross-site Scripting vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin before 4.8.3.
network
phpmyadmin CWE-79
4.3
2018-06-21 CVE-2018-12613 Improper Authentication vulnerability in PHPmyadmin 4.8.0/4.8.0.1/4.8.1
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server.
network
low complexity
phpmyadmin CWE-287
6.5
2018-06-21 CVE-2018-12581 Cross-site Scripting vulnerability in PHPmyadmin
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2.
network
phpmyadmin CWE-79
4.3
2018-05-01 CVE-2017-18264 An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases.
network
low complexity
phpmyadmin debian
7.5
2018-04-19 CVE-2018-10188 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin 4.8.0
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
6.8
2018-02-21 CVE-2018-7260 Cross-site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
phpmyadmin CWE-79
3.5
2018-01-03 CVE-2017-1000499 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness.
6.8