Vulnerabilities > Phpmyadmin > Phpmyadmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-11 | CVE-2018-19970 | Cross-site Scripting vulnerability in multiple products In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | 4.3 |
| 2018-12-11 | CVE-2018-19969 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. | 6.8 |
| 2018-12-11 | CVE-2018-19968 | Information Exposure vulnerability in multiple products An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. | 4.0 |
| 2018-08-24 | CVE-2018-15605 | Cross-site Scripting vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin before 4.8.3. | 4.3 |
| 2018-06-21 | CVE-2018-12613 | Improper Authentication vulnerability in PHPmyadmin 4.8.0/4.8.0.1/4.8.1 An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. | 6.5 |
| 2018-06-21 | CVE-2018-12581 | Cross-site Scripting vulnerability in PHPmyadmin An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. | 4.3 |
| 2018-05-01 | CVE-2017-18264 | An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. | 7.5 |
| 2018-04-19 | CVE-2018-10188 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin 4.8.0 phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. | 6.8 |
| 2018-02-21 | CVE-2018-7260 | Cross-site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2018-01-03 | CVE-2017-1000499 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. | 6.8 |