Vulnerabilities > Phpmyadmin > Phpmyadmin > 4.0.10.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-12616 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.9.0. | 6.5 |
| 2019-06-05 | CVE-2019-11768 | SQL Injection vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.9.0.1. | 9.8 |
| 2019-01-26 | CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. | 5.9 |
| 2018-12-11 | CVE-2018-19970 | Cross-site Scripting vulnerability in multiple products In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | 6.1 |
| 2018-12-11 | CVE-2018-19968 | Information Exposure vulnerability in multiple products An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. | 6.5 |
| 2018-08-24 | CVE-2018-15605 | Cross-site Scripting vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.8.3. | 6.1 |
| 2018-06-21 | CVE-2018-12581 | Cross-site Scripting vulnerability in PHPmyadmin An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. | 6.1 |
| 2018-05-01 | CVE-2017-18264 | An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. | 9.8 |
| 2018-02-21 | CVE-2018-7260 | Cross-site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2017-07-17 | CVE-2017-1000018 | Improper Input Validation vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | 7.5 |