Vulnerabilities > Phpmyadmin > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-03-01 CVE-2016-2559 Cross-site Scripting vulnerability in PHPmyadmin
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
network
low complexity
phpmyadmin CWE-79
5.4
5.4
2016-02-20 CVE-2016-2045 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
network
low complexity
phpmyadmin fedoraproject CWE-79
5.4
5.4
2016-02-20 CVE-2016-2044 Information Exposure vulnerability in multiple products
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
fedoraproject phpmyadmin CWE-200
5.3
5.3
2016-02-20 CVE-2016-2043 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
5.4
2016-02-20 CVE-2016-2042 Information Exposure vulnerability in multiple products
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
network
low complexity
opensuse fedoraproject phpmyadmin CWE-200
5.3
5.3
2016-02-20 CVE-2016-2040 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
network
low complexity
fedoraproject opensuse phpmyadmin CWE-79
5.4
5.4
2016-02-20 CVE-2016-2039 Information Exposure vulnerability in multiple products
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
network
low complexity
opensuse phpmyadmin fedoraproject CWE-200
5.3
5.3
2016-02-20 CVE-2016-2038 Information Exposure vulnerability in multiple products
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin fedoraproject opensuse CWE-200
5.3
5.3
2015-12-26 CVE-2015-8669 Information Exposure vulnerability in PHPmyadmin
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin CWE-200
5.3
5.3
2013-04-16 CVE-2013-1937 Cross-site Scripting vulnerability in PHPmyadmin
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter.
network
low complexity
phpmyadmin CWE-79
6.1
6.1