4.9.2

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-13	CVE-2023-25727	Cross-site Scripting vulnerability in PHPmyadmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. network low complexity phpmyadmin CWE-79	5.4
2022-03-10	CVE-2022-0813	Information Exposure vulnerability in PHPmyadmin PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. network low complexity phpmyadmin CWE-200	7.5
2022-01-22	CVE-2022-23807	Improper Authentication vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. network low complexity phpmyadmin CWE-287	4.3
2020-11-04	CVE-2020-22278	Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyadmin phpMyAdmin through 5.0.2 allows CSV injection via Export Section. network low complexity phpmyadmin CWE-1236	8.8
2020-10-10	CVE-2020-26935	SQL Injection vulnerability in multiple products An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. network low complexity phpmyadmin opensuse fedoraproject debian CWE-89 critical	9.8
2020-10-10	CVE-2020-26934	Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. network low complexity phpmyadmin opensuse fedoraproject debian CWE-79	6.1
2020-03-22	CVE-2020-10803	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	5.4
2020-03-22	CVE-2020-10802	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	8.0
2020-03-22	CVE-2020-10804	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). network low complexity phpmyadmin fedoraproject opensuse suse CWE-89	8.0
2020-01-09	CVE-2020-5504	SQL Injection vulnerability in multiple products In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. network low complexity phpmyadmin suse debian CWE-89	6.5