Vulnerabilities > Phpmyadmin > Phpmyadmin > 4.0.10.2

DATE CVE VULNERABILITY TITLE RISK
2016-03-01 CVE-2016-2560 Cross-site Scripting vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
network
low complexity
phpmyadmin CWE-79
6.1
6.1
2016-02-20 CVE-2016-2041 7PK - Security Features vulnerability in multiple products
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
network
low complexity
fedoraproject phpmyadmin opensuse CWE-254
7.5
7.5
2016-02-20 CVE-2016-2040 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
5.4
2016-02-20 CVE-2016-2039 Information Exposure vulnerability in multiple products
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
network
low complexity
opensuse phpmyadmin fedoraproject CWE-200
5.3
5.3
2016-02-20 CVE-2016-2038 Information Exposure vulnerability in multiple products
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin fedoraproject opensuse CWE-200
5.3
5.3
2016-02-20 CVE-2016-1927 7PK - Security Features vulnerability in PHPmyadmin
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
network
low complexity
phpmyadmin CWE-254
7.5
7.5
2015-12-26 CVE-2015-8669 Information Exposure vulnerability in PHPmyadmin
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin CWE-200
5.3
5.3