Vulnerabilities > Phpmyadmin > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-11 CVE-2016-6619 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-89
8.8
8.8
2016-12-11 CVE-2016-6617 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
8.1
8.1
2016-12-11 CVE-2016-6616 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
7.5
7.5
2016-12-11 CVE-2016-6611 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
8.1
8.1
2016-12-11 CVE-2016-6609 Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-77
8.8
8.8
2016-12-11 CVE-2016-6606 Information Exposure vulnerability in PHPmyadmin
An issue was discovered in cookie encryption in phpMyAdmin.
network
high complexity
phpmyadmin CWE-200
8.1
8.1
2016-07-03 CVE-2016-5739 Information Exposure vulnerability in multiple products
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
network
low complexity
opensuse phpmyadmin CWE-200
7.5
7.5
2016-07-03 CVE-2016-5706 Resource Management Errors vulnerability in multiple products
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.
network
low complexity
phpmyadmin opensuse CWE-399
7.5
7.5
2016-02-20 CVE-2016-2041 7PK - Security Features vulnerability in multiple products
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
network
low complexity
fedoraproject phpmyadmin opensuse CWE-254
7.5
7.5
2016-02-20 CVE-2016-1927 7PK - Security Features vulnerability in PHPmyadmin
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
network
low complexity
phpmyadmin CWE-254
7.5
7.5