Vulnerabilities > Phpmyadmin > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-11 CVE-2016-6620 Deserialization of Untrusted Data vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-502
7.5
2016-07-03 CVE-2016-5734 Code Injection vulnerability in PHPmyadmin
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
network
low complexity
phpmyadmin CWE-94
7.5
2016-07-03 CVE-2016-5703 SQL Injection vulnerability in multiple products
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
network
low complexity
opensuse phpmyadmin CWE-89
7.5
2012-12-20 CVE-2012-5469 Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
network
low complexity
phpmyadmin wordpress CWE-264
7.5
2012-09-25 CVE-2012-5159 Code Injection vulnerability in PHPmyadmin 3.5.2.2
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
network
low complexity
phpmyadmin CWE-94
7.5
2009-10-16 CVE-2009-3697 SQL Injection vulnerability in PHPmyadmin
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
network
low complexity
phpmyadmin CWE-89
7.5
2009-04-16 CVE-2009-1285 Code Injection vulnerability in PHPmyadmin
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
network
low complexity
phpmyadmin CWE-94
7.5
2009-03-26 CVE-2009-1149 Improper Input Validation vulnerability in PHPmyadmin
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
network
low complexity
phpmyadmin CWE-20
7.5
2008-09-18 CVE-2008-4096 Improper Input Validation vulnerability in PHPmyadmin
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
network
phpmyadmin CWE-20
8.5
2007-03-07 CVE-2007-1325 Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.
network
phpmyadmin
7.1