Vulnerabilities > Phpmyadmin > Phpmyadmin > 4.5.1

DATE CVE VULNERABILITY TITLE RISK
2019-06-05 CVE-2019-12616 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin before 4.9.0.
network
low complexity
phpmyadmin CWE-352
6.5
6.5
2019-06-05 CVE-2019-11768 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin before 4.9.0.1.
network
low complexity
phpmyadmin CWE-89
critical
 9.8
9.8
2019-01-26 CVE-2019-6799 An issue was discovered in phpMyAdmin before 4.8.5.
network
high complexity
phpmyadmin debian
5.9
5.9
2019-01-26 CVE-2019-6798 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin before 4.8.5.
network
low complexity
phpmyadmin CWE-89
critical
 9.8
9.8
2018-12-11 CVE-2018-19970 Cross-site Scripting vulnerability in multiple products
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
network
low complexity
phpmyadmin debian CWE-79
6.1
6.1
2018-12-11 CVE-2018-19968 Information Exposure vulnerability in multiple products
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature.
network
low complexity
phpmyadmin debian CWE-200
6.5
6.5
2018-08-24 CVE-2018-15605 Cross-site Scripting vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin before 4.8.3.
network
low complexity
phpmyadmin CWE-79
6.1
6.1
2018-06-21 CVE-2018-12581 Cross-site Scripting vulnerability in PHPmyadmin
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2.
network
low complexity
phpmyadmin CWE-79
6.1
6.1
2018-02-21 CVE-2018-7260 Cross-site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
phpmyadmin CWE-79
5.4
5.4
2016-07-05 CVE-2016-5097 Information Exposure vulnerability in multiple products
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
network
low complexity
opensuse phpmyadmin CWE-200
5.3
5.3