Vulnerabilities > Phpmyadmin > Phpmyadmin > 4.6.2
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-12-11 | CVE-2016-6609 | Command Injection vulnerability in phpMyAdmin | An issue was discovered in phpMyAdmin. | 6.5 |
2016-12-11 | CVE-2016-6608 | Cross-site Scripting vulnerability in phpMyAdmin | XSS issues were discovered in phpMyAdmin. | 4.3 |
2016-12-11 | CVE-2016-6607 | Cross-site Scripting vulnerability in phpMyAdmin | XSS issues were discovered in phpMyAdmin. | 4.3 |
2016-12-11 | CVE-2016-6606 | Information Exposure vulnerability in phpMyAdmin | An issue was discovered in cookie encryption in phpMyAdmin. | 5.0 |
2016-07-05 | CVE-2016-5098 | Path Traversal vulnerability in multiple products | Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | 5.0 |
2016-07-03 | CVE-2016-5739 | Information Exposure vulnerability in multiple products | The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | 5.0 |
2016-07-03 | CVE-2016-5734 | Code Injection vulnerability in phpMyAdmin | phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | 7.5 |
2016-07-03 | CVE-2016-5733 | Cross-site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. | 4.3 |
2016-07-03 | CVE-2016-5732 | Cross-site Scripting vulnerability in phpMyAdmin 4.6.0/4.6.1/4.6.2 | Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. | 4.3 |
2016-07-03 | CVE-2016-5731 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. | 4.3 |