Vulnerabilities > Phpmyadmin > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-11 CVE-2016-6614 Path Traversal vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features.
network
high complexity
phpmyadmin CWE-22
6.8
6.8
2016-12-11 CVE-2016-6613 Information Exposure vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-200
5.3
5.3
2016-12-11 CVE-2016-6612 Information Exposure vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-200
6.5
6.5
2016-12-11 CVE-2016-6610 Information Exposure vulnerability in PHPmyadmin
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk.
network
low complexity
phpmyadmin CWE-200
4.3
4.3
2016-12-11 CVE-2016-6608 Cross-site Scripting vulnerability in PHPmyadmin
XSS issues were discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-79
6.1
6.1
2016-12-11 CVE-2016-6607 Cross-site Scripting vulnerability in PHPmyadmin
XSS issues were discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-79
6.1
6.1
2016-12-11 CVE-2016-4412 7PK - Security Features vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-254
4.4
4.4
2016-07-05 CVE-2016-5099 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.
network
low complexity
phpmyadmin opensuse CWE-79
6.1
6.1
2016-07-05 CVE-2016-5098 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
network
low complexity
phpmyadmin opensuse CWE-22
5.3
5.3
2016-07-05 CVE-2016-5097 Information Exposure vulnerability in multiple products
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
network
low complexity
opensuse phpmyadmin CWE-200
5.3
5.3