Vulnerabilities > Phpmyadmin > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-0813 Information Exposure vulnerability in PHPmyadmin
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests.
network
low complexity
phpmyadmin CWE-200
7.5
2020-11-04 CVE-2020-22278 Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyadmin
phpMyAdmin through 5.0.2 allows CSV injection via Export Section.
network
low complexity
phpmyadmin CWE-1236
8.8
2020-03-22 CVE-2020-10802 SQL Injection vulnerability in multiple products
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php.
8.0
2020-03-22 CVE-2020-10804 SQL Injection vulnerability in multiple products
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php).
network
low complexity
phpmyadmin fedoraproject opensuse suse CWE-89
8.0
2020-01-09 CVE-2020-5504 SQL Injection vulnerability in multiple products
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page.
network
low complexity
phpmyadmin suse debian CWE-89
8.8
2018-12-11 CVE-2018-19969 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws.
network
low complexity
phpmyadmin CWE-352
8.8
2018-06-21 CVE-2018-12613 Improper Authentication vulnerability in PHPmyadmin 4.8.0/4.8.0.1/4.8.1
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server.
network
low complexity
phpmyadmin CWE-287
8.8
2018-04-19 CVE-2018-10188 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin 4.8.0
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
network
low complexity
phpmyadmin CWE-352
8.8
2018-01-03 CVE-2017-1000499 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness.
network
low complexity
phpmyadmin CWE-352
8.8
2017-07-17 CVE-2017-1000018 Improper Input Validation vulnerability in PHPmyadmin
phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name
network
low complexity
phpmyadmin CWE-20
7.5