Vulnerabilities > Phpmyadmin > Phpmyadmin > 4.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-05 | CVE-2019-12616 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.9.0. | 6.5 |
2019-06-05 | CVE-2019-11768 | SQL Injection vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.9.0.1. | 9.8 |
2019-01-26 | CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. | 5.9 |
2019-01-26 | CVE-2019-6798 | SQL Injection vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.8.5. | 9.8 |
2018-12-11 | CVE-2018-19970 | Cross-site Scripting vulnerability in multiple products In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | 6.1 |
2018-12-11 | CVE-2018-19968 | Information Exposure vulnerability in multiple products An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. | 6.5 |
2018-08-24 | CVE-2018-15605 | Cross-site Scripting vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.8.3. | 6.1 |
2018-06-21 | CVE-2018-12581 | Cross-site Scripting vulnerability in PHPmyadmin An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. | 6.1 |
2018-02-21 | CVE-2018-7260 | Cross-site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
2016-07-05 | CVE-2016-5097 | Information Exposure vulnerability in multiple products phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. | 5.3 |