Vulnerabilities > Phpmyadmin > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-12-11 | CVE-2016-6620 | Deserialization of Untrusted Data vulnerability in phpMyAdmin | An issue was discovered in phpMyAdmin. | 7.5 |
2016-07-03 | CVE-2016-5734 | Code Injection vulnerability in phpMyAdmin | phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | 7.5 |
2016-07-03 | CVE-2016-5703 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. | 7.5 |
2012-12-20 | CVE-2012-5469 | Permissions, Privileges, and Access Controls vulnerability in phpMyAdmin | The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | 7.5 |
2012-09-25 | CVE-2012-5159 | Code Injection vulnerability in phpMyAdmin 3.5.2.2 | phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | 7.5 |
2009-10-16 | CVE-2009-3697 | SQL Injection vulnerability in phpMyAdmin | SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. | 7.5 |
2009-04-16 | CVE-2009-1285 | Code Injection vulnerability in phpMyAdmin | Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. | 7.5 |
2009-03-26 | CVE-2009-1149 | Improper Input Validation vulnerability in phpMyAdmin | CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. | 7.5 |
2008-09-18 | CVE-2008-4096 | Improper Input Validation vulnerability in phpMyAdmin | libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | 8.5 |
2007-03-07 | CVE-2007-1325 | Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function | The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. | 7.1 |