Download
| Alert*
|
oval:org.secpod.oval:def:1800040
CVE-2017-1000499: By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Affected Versions:¶ Versions 4.7.x are affected. oval:org.secpod.oval:def:1801276 CVE-2018-19968: Local file inclusion through transformation feature.¶ A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any da ... oval:org.secpod.oval:def:602256 Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Multiple cross-site scripting vulnerabilities. CVE-2014-9218 Denial of service via a long password. CVE-2015-2206 Risk of BREACH attack due to reflected parameter. CVE-2015-3902 XSRF/CSRF vulnerabi ... oval:org.secpod.oval:def:108494 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:108496 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:109511 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:109504 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:1801355 CVE-2019-6798: SQL injection in Designer feature Affected Versions:¶ phpMyAdmin versions from 4.5.0 through 4.8.4 are affected. Fixed In Version:¶ phpMyAdmin 4.8.5 oval:org.secpod.oval:def:2000690 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. ... oval:org.secpod.oval:def:2000159 In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. oval:org.secpod.oval:def:2000474 Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. oval:org.secpod.oval:def:1901350 Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. oval:org.secpod.oval:def:115908 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:115903 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:116760 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:116752 phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ... oval:org.secpod.oval:def:1900002 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_in file PHP config ... oval:org.secpod.oval:def:2001050 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_infile PHP configu ... oval:org.secpod.oval:def:1900707 An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. oval:org.secpod.oval:def:1902053 An issue was discovered in phpMyAdmin before 4.8.6. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. oval:org.secpod.oval:def:1902052 An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim"s phpMyAdmin database, and the attacker can ... |
