Vulnerabilities > Phpmyadmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-11 | CVE-2016-6609 | Command Injection vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 8.8 |
| 2016-12-11 | CVE-2016-6608 | Cross-site Scripting vulnerability in PHPmyadmin XSS issues were discovered in phpMyAdmin. | 6.1 |
| 2016-12-11 | CVE-2016-6607 | Cross-site Scripting vulnerability in PHPmyadmin XSS issues were discovered in phpMyAdmin. | 6.1 |
| 2016-12-11 | CVE-2016-6606 | Information Exposure vulnerability in PHPmyadmin An issue was discovered in cookie encryption in phpMyAdmin. | 8.1 |
| 2016-12-11 | CVE-2016-4412 | 7PK - Security Features vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 4.4 |
| 2016-07-05 | CVE-2016-5099 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. | 6.1 |
| 2016-07-05 | CVE-2016-5098 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | 5.3 |
| 2016-07-05 | CVE-2016-5097 | Information Exposure vulnerability in multiple products phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. | 5.3 |
| 2016-07-03 | CVE-2016-5739 | Information Exposure vulnerability in multiple products The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | 7.5 |
| 2016-07-03 | CVE-2016-5734 | Code Injection vulnerability in PHPmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | 9.8 |