| 0 |
| url |
VCID-1drk-gzqj-2qc5 |
| vulnerability_id |
VCID-1drk-gzqj-2qc5 |
| summary |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5099
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1drk-gzqj-2qc5 |
|
| 1 |
| url |
VCID-1hvw-4h4d-zkhv |
| vulnerability_id |
VCID-1hvw-4h4d-zkhv |
| summary |
Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2040, GHSA-pw34-qf6c-84fc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv |
|
| 2 |
| url |
VCID-23dq-w66r-k3bt |
| vulnerability_id |
VCID-23dq-w66r-k3bt |
| summary |
Cross-site Scripting
phpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-1000015, GHSA-3fgq-cmr4-97rr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt |
|
| 3 |
| url |
VCID-27w6-zhxk-x7e7 |
| vulnerability_id |
VCID-27w6-zhxk-x7e7 |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2561
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-27w6-zhxk-x7e7 |
|
| 4 |
| url |
VCID-282b-1ugg-yuev |
| vulnerability_id |
VCID-282b-1ugg-yuev |
| summary |
phpMyAdmin server-side request forgery (SSRF)
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6621, GHSA-44vv-mm86-7cg6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-282b-1ugg-yuev |
|
| 5 |
| url |
VCID-2at1-y3qg-77fb |
| vulnerability_id |
VCID-2at1-y3qg-77fb |
| summary |
Cross-site Scripting
An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in `tbl_get_field.php` and `libraries/classes/Display/Results.php`). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-10803, GHSA-fcww-8wvc-38q9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2at1-y3qg-77fb |
|
| 6 |
| url |
VCID-2vqn-z4en-duh4 |
| vulnerability_id |
VCID-2vqn-z4en-duh4 |
| summary |
Information Exposure
phpMyAdmin allows remote attackers to obtain sensitive information. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5730, GHSA-wm9c-vcv2-vpqc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2vqn-z4en-duh4 |
|
| 7 |
| url |
VCID-31jg-3pzb-y3b6 |
| vulnerability_id |
VCID-31jg-3pzb-y3b6 |
| summary |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9853, GHSA-rmmf-5xhh-gg27
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31jg-3pzb-y3b6 |
|
| 8 |
| url |
VCID-32ja-yuuw-bbbh |
| vulnerability_id |
VCID-32ja-yuuw-bbbh |
| summary |
SQL Injection
An SQL injection vulnerability was found in retrieval of the current username (in `libraries/classes/Server/Privileges.php` and `libraries/classes/UserPassword.php`). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-10804, GHSA-h65r-8fp8-w7cx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-32ja-yuuw-bbbh |
|
| 9 |
| url |
VCID-33kv-ye2c-ebax |
| vulnerability_id |
VCID-33kv-ye2c-ebax |
| summary |
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5097
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-33kv-ye2c-ebax |
|
| 10 |
| url |
VCID-33mh-s92h-c7ht |
| vulnerability_id |
VCID-33mh-s92h-c7ht |
| summary |
phpMyAdmin vulnerable to Cross-Site Request Forgery
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5739, GHSA-2p7v-jm8m-g3qq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-33mh-s92h-c7ht |
|
| 11 |
| url |
VCID-38tp-acy8-57hj |
| vulnerability_id |
VCID-38tp-acy8-57hj |
| summary |
Improper Input Validation
phpMyAdmin is vulnerable to a DoS weakness in the table editing functionality. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-1000014, GHSA-9hrc-rwrq-v6mh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj |
|
| 12 |
| url |
VCID-3va7-xx14-gkds |
| vulnerability_id |
VCID-3va7-xx14-gkds |
| summary |
Information Exposure
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6613, GHSA-6j2v-g9rg-qcm5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3va7-xx14-gkds |
|
| 13 |
| url |
VCID-44uc-xrvp-7bet |
| vulnerability_id |
VCID-44uc-xrvp-7bet |
| summary |
Incomplete List of Disallowed Inputs
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6624, GHSA-mhxj-6vf8-mwv3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-44uc-xrvp-7bet |
|
| 14 |
| url |
VCID-4avx-e9mf-2yb1 |
| vulnerability_id |
VCID-4avx-e9mf-2yb1 |
| summary |
Uncontrolled Resource Consumption
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6618, GHSA-rv6m-chvv-wmxg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4avx-e9mf-2yb1 |
|
| 15 |
| url |
VCID-4kax-4bpz-g7c5 |
| vulnerability_id |
VCID-4kax-4bpz-g7c5 |
| summary |
Covert Timing Channel
`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2041, GHSA-8m97-xc46-rw9w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5 |
|
| 16 |
| url |
VCID-4vgu-cagj-hfhb |
| vulnerability_id |
VCID-4vgu-cagj-hfhb |
| summary |
Command Injection
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6609, GHSA-wpww-hx7x-xfjh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4vgu-cagj-hfhb |
|
| 17 |
| url |
VCID-4wn2-pnbv-sked |
| vulnerability_id |
VCID-4wn2-pnbv-sked |
| summary |
Cross-site Scripting
In phpMyAdmin, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-19970, GHSA-8987-93fh-rcwq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4wn2-pnbv-sked |
|
| 18 |
| url |
VCID-52xs-45kd-w3hz |
| vulnerability_id |
VCID-52xs-45kd-w3hz |
| summary |
Information Exposure
An attacker can exploit phpMyAdmin to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19968, GHSA-xc97-r49q-cxgc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-52xs-45kd-w3hz |
|
| 19 |
| url |
VCID-59mu-8aep-9ycn |
| vulnerability_id |
VCID-59mu-8aep-9ycn |
| summary |
phpMyAdmin XSS when checking tables
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-24530, GHSA-222v-cx2c-q2f5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-59mu-8aep-9ycn |
|
| 20 |
| url |
VCID-5bu8-wy7w-bqfc |
| vulnerability_id |
VCID-5bu8-wy7w-bqfc |
| summary |
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6606
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu8-wy7w-bqfc |
|
| 21 |
| url |
VCID-5jye-2stz-fqam |
| vulnerability_id |
VCID-5jye-2stz-fqam |
| summary |
Uncontrolled Resource Consumption
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-21252, GHSA-jxwx-85vp-gvwm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5jye-2stz-fqam |
|
| 22 |
| url |
VCID-6gs5-cswx-bfeb |
| vulnerability_id |
VCID-6gs5-cswx-bfeb |
| summary |
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2042
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gs5-cswx-bfeb |
|
| 23 |
| url |
VCID-7avk-rmwd-yugt |
| vulnerability_id |
VCID-7avk-rmwd-yugt |
| summary |
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6620
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7avk-rmwd-yugt |
|
| 24 |
| url |
VCID-7vpu-x9mb-q3c6 |
| vulnerability_id |
VCID-7vpu-x9mb-q3c6 |
| summary |
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-5504, GHSA-fgj8-93xx-f6g6
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7vpu-x9mb-q3c6 |
|
| 25 |
| url |
VCID-84n7-nzzg-juhz |
| vulnerability_id |
VCID-84n7-nzzg-juhz |
| summary |
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5702, GHSA-xqw9-ffx7-g998
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84n7-nzzg-juhz |
|
| 26 |
| url |
VCID-8jt7-y15v-83gj |
| vulnerability_id |
VCID-8jt7-y15v-83gj |
| summary |
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6615
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8jt7-y15v-83gj |
|
| 27 |
| url |
VCID-8rvw-n1fg-ffc2 |
| vulnerability_id |
VCID-8rvw-n1fg-ffc2 |
| summary |
Cross-Site Request Forgery (CSRF)
A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `<img>` tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific `INSERT` or `DELETE` statement) to the victim. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12616, GHSA-mfr9-pcm3-6mwc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8rvw-n1fg-ffc2 |
|
| 28 |
| url |
VCID-8yxm-e33n-d7gj |
| vulnerability_id |
VCID-8yxm-e33n-d7gj |
| summary |
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6619
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8yxm-e33n-d7gj |
|
| 29 |
| url |
VCID-9nh7-ny6c-n3cd |
| vulnerability_id |
VCID-9nh7-ny6c-n3cd |
| summary |
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6626
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9nh7-ny6c-n3cd |
|
| 30 |
| url |
VCID-9tdu-572c-tbb2 |
| vulnerability_id |
VCID-9tdu-572c-tbb2 |
| summary |
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5703
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9tdu-572c-tbb2 |
|
| 31 |
| url |
VCID-ajeh-4q9t-sydz |
| vulnerability_id |
VCID-ajeh-4q9t-sydz |
| summary |
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9850
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ajeh-4q9t-sydz |
|
| 32 |
| url |
VCID-ajf6-bk2g-wkb7 |
| vulnerability_id |
VCID-ajf6-bk2g-wkb7 |
| summary |
Information Exposure
When the `AllowArbitraryServer` configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the `mysql.allow_local_infile` PHP configuration, and the inadvertent ignoring of `options(MYSQLI_OPT_LOCAL_INFILE` calls. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6799, GHSA-c8wj-q36q-3wg4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ajf6-bk2g-wkb7 |
|
| 33 |
| url |
VCID-b2nf-6pr3-xqaa |
| vulnerability_id |
VCID-b2nf-6pr3-xqaa |
| summary |
SQL Injection
An issue was discovered in SearchController in phpMyAdmin. An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-26935, GHSA-7ff4-cv53-4cjq
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b2nf-6pr3-xqaa |
|
| 34 |
| url |
VCID-b4jk-yjfy-pfcv |
| vulnerability_id |
VCID-b4jk-yjfy-pfcv |
| summary |
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2044
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b4jk-yjfy-pfcv |
|
| 35 |
| url |
VCID-b6ng-ygap-zqh4 |
| vulnerability_id |
VCID-b6ng-ygap-zqh4 |
| summary |
Improper Input Validation
The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2562, GHSA-w8qg-j9fp-hrjf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ng-ygap-zqh4 |
|
| 36 |
| url |
VCID-bd83-vf81-sfa4 |
| vulnerability_id |
VCID-bd83-vf81-sfa4 |
| summary |
SQL Injection
An issue was discovered in phpMyAdmin. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6798, GHSA-f732-fxh6-g4qj
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bd83-vf81-sfa4 |
|
| 37 |
| url |
VCID-bddg-5zgr-3uew |
| vulnerability_id |
VCID-bddg-5zgr-3uew |
| summary |
phpMyAdmin vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5705, GHSA-6q2j-8h8q-46mr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bddg-5zgr-3uew |
|
| 38 |
| url |
VCID-btc1-yng3-ckhx |
| vulnerability_id |
VCID-btc1-yng3-ckhx |
| summary |
Improper Input Validation
phpMyAdmin is vulnerable to a DoS attack in the replication status by using a specially crafted table name. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-1000018, GHSA-47qr-f86f-3wm4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-btc1-yng3-ckhx |
|
| 39 |
| url |
VCID-cbjd-e3sk-m7bu |
| vulnerability_id |
VCID-cbjd-e3sk-m7bu |
| summary |
Cross-Site Request Forgery (CSRF)
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9866, GHSA-jvxx-8xxf-5495
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu |
|
| 40 |
| url |
VCID-crn9-f6qt-qfg5 |
| vulnerability_id |
VCID-crn9-f6qt-qfg5 |
| summary |
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2039
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-crn9-f6qt-qfg5 |
|
| 41 |
| url |
VCID-cth2-72mg-6yfr |
| vulnerability_id |
VCID-cth2-72mg-6yfr |
| summary |
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-8669
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cth2-72mg-6yfr |
|
| 42 |
| url |
VCID-cz55-m46r-37gb |
| vulnerability_id |
VCID-cz55-m46r-37gb |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-3902
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cz55-m46r-37gb |
|
| 43 |
| url |
VCID-d7jk-a94y-n3ca |
| vulnerability_id |
VCID-d7jk-a94y-n3ca |
| summary |
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2038
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d7jk-a94y-n3ca |
|
| 44 |
| url |
VCID-dbk1-n9kh-dfhm |
| vulnerability_id |
VCID-dbk1-n9kh-dfhm |
| summary |
Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5704, GHSA-gcvp-cwgw-wx8j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dbk1-n9kh-dfhm |
|
| 45 |
| url |
VCID-dfsz-1y13-yug9 |
| vulnerability_id |
VCID-dfsz-1y13-yug9 |
| summary |
An issue was discovered in phpMyAdmin. With a crafted request parameter value, it is possible to initiate a denial of service attack in the saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9858
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dfsz-1y13-yug9 |
|
| 46 |
| url |
VCID-dgvs-kqpd-gfcy |
| vulnerability_id |
VCID-dgvs-kqpd-gfcy |
| summary |
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2045
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dgvs-kqpd-gfcy |
|
| 47 |
| url |
VCID-dj5f-y77j-d7dx |
| vulnerability_id |
VCID-dj5f-y77j-d7dx |
| summary |
An issue was discovered in phpMyAdmin. It is possible to bypass the AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using a null byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9849
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5f-y77j-d7dx |
|
| 48 |
| url |
VCID-dx3h-z4dg-m3e1 |
| vulnerability_id |
VCID-dx3h-z4dg-m3e1 |
| summary |
SQL Injection
In phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in `libraries/classes/Controllers/Table/TableSearchController.php`. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-10802, GHSA-f4cr-3xmc-2wpm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dx3h-z4dg-m3e1 |
|
| 49 |
| url |
VCID-g2uy-ekyf-4bcj |
| vulnerability_id |
VCID-g2uy-ekyf-4bcj |
| summary |
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2043
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g2uy-ekyf-4bcj |
|
| 50 |
| url |
VCID-gmjk-222y-abda |
| vulnerability_id |
VCID-gmjk-222y-abda |
| summary |
Information Exposure
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6625, GHSA-r643-7xfg-ppc5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gmjk-222y-abda |
|
| 51 |
| url |
VCID-gqxb-6rey-rbhv |
| vulnerability_id |
VCID-gqxb-6rey-rbhv |
| summary |
phpMyAdmin vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5733, GHSA-cr65-p662-fx5c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gqxb-6rey-rbhv |
|
| 52 |
| url |
VCID-gtps-py3z-13cu |
| vulnerability_id |
VCID-gtps-py3z-13cu |
| summary |
Code Injection
An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6633, GHSA-p849-vf5f-f3x7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gtps-py3z-13cu |
|
| 53 |
| url |
VCID-gzwb-ju7m-juf7 |
| vulnerability_id |
VCID-gzwb-ju7m-juf7 |
| summary |
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6610
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gzwb-ju7m-juf7 |
|
| 54 |
|
| 55 |
| url |
VCID-hbp6-s544-pqaw |
| vulnerability_id |
VCID-hbp6-s544-pqaw |
| summary |
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6631
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hbp6-s544-pqaw |
|
| 56 |
| url |
VCID-hw5n-kv9r-8yej |
| vulnerability_id |
VCID-hw5n-kv9r-8yej |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2560
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hw5n-kv9r-8yej |
|
| 57 |
| url |
VCID-j589-8hrn-9bae |
| vulnerability_id |
VCID-j589-8hrn-9bae |
| summary |
Improper Input Validation
A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-1000016, GHSA-j2cq-h6v2-f875
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j589-8hrn-9bae |
|
| 58 |
| url |
VCID-jabw-t2hb-q3e9 |
| vulnerability_id |
VCID-jabw-t2hb-q3e9 |
| summary |
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9848
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jabw-t2hb-q3e9 |
|
| 59 |
| url |
VCID-jemb-avnk-c7eb |
| vulnerability_id |
VCID-jemb-avnk-c7eb |
| summary |
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6616
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jemb-avnk-c7eb |
|
| 60 |
| url |
VCID-jmn8-a5r9-2qc8 |
| vulnerability_id |
VCID-jmn8-a5r9-2qc8 |
| summary |
Improper Input Validation
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6622, GHSA-qf3f-7x69-qfv3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jmn8-a5r9-2qc8 |
|
| 61 |
| url |
VCID-jxf7-1cq4-t3cv |
| vulnerability_id |
VCID-jxf7-1cq4-t3cv |
| summary |
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5734, GHSA-rv57-479x-x4qv
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf7-1cq4-t3cv |
|
| 62 |
| url |
VCID-k5ph-wws1-fqg4 |
| vulnerability_id |
VCID-k5ph-wws1-fqg4 |
| summary |
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `examples/openid.php` in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5731, GHSA-mwm8-36c5-j5cf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k5ph-wws1-fqg4 |
|
| 63 |
|
| 64 |
| url |
VCID-kfrx-mmr7-euep |
| vulnerability_id |
VCID-kfrx-mmr7-euep |
| summary |
Cross-Site Request Forgery (CSRF)
phpMyAdmin has CSRF, allowing an attacker to execute arbitrary SQL statements, related to `js/db_operations.js`, `js/tbl_operations.js`, `libraries/classes/Operations.php`, and `sql.php`. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-10188, GHSA-v6fp-h79x-9rqc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kfrx-mmr7-euep |
|
| 65 |
| url |
VCID-kwtj-jk24-zffq |
| vulnerability_id |
VCID-kwtj-jk24-zffq |
| summary |
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6611
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kwtj-jk24-zffq |
|
| 66 |
| url |
VCID-m2g6-2ztp-tuam |
| vulnerability_id |
VCID-m2g6-2ztp-tuam |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
http://phpmyadmin.com |
| reference_id |
phpmyadmin.com |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/ |
|
|
| url |
http://phpmyadmin.com |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-22452, GHSA-prcg-mc23-hgjh
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m2g6-2ztp-tuam |
|
| 67 |
| url |
VCID-m3kq-1cfg-mkgc |
| vulnerability_id |
VCID-m3kq-1cfg-mkgc |
| summary |
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-25727, GHSA-6hr3-44gx-g6wh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kq-1cfg-mkgc |
|
| 68 |
| url |
VCID-m59w-cug5-wbe2 |
| vulnerability_id |
VCID-m59w-cug5-wbe2 |
| summary |
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9862
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m59w-cug5-wbe2 |
|
| 69 |
| url |
VCID-mgu4-pf1x-r3dy |
| vulnerability_id |
VCID-mgu4-pf1x-r3dy |
| summary |
Cross-site Scripting
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6608, GHSA-jfmj-27fp-qp67
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mgu4-pf1x-r3dy |
|
| 70 |
| url |
VCID-mxn5-bh7q-gkdb |
| vulnerability_id |
VCID-mxn5-bh7q-gkdb |
| summary |
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-7873, GHSA-5pmg-qh2c-7j24
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mxn5-bh7q-gkdb |
|
| 71 |
| url |
VCID-mzuh-5e5y-d3hr |
| vulnerability_id |
VCID-mzuh-5e5y-d3hr |
| summary |
Improper Neutralization of Escape, Meta, or Control Sequences
phpMyAdmin does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php` and `libraries/classes/Footer.php`. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-19617, GHSA-pgph-mc4p-f8c3
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mzuh-5e5y-d3hr |
|
| 72 |
| url |
VCID-n53q-r421-affh |
| vulnerability_id |
VCID-n53q-r421-affh |
| summary |
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6617
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n53q-r421-affh |
|
| 73 |
| url |
VCID-n66y-s36g-fqck |
| vulnerability_id |
VCID-n66y-s36g-fqck |
| summary |
Improper Input Validation
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9860, GHSA-3hw5-fffc-qrg4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n66y-s36g-fqck |
|
| 74 |
| url |
VCID-np5w-chxm-cyak |
| vulnerability_id |
VCID-np5w-chxm-cyak |
| summary |
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-8980
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-np5w-chxm-cyak |
|
| 75 |
| url |
VCID-nuju-ekmt-k7g9 |
| vulnerability_id |
VCID-nuju-ekmt-k7g9 |
| summary |
Improper Input Validation
An issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values to bypass the servers defined by `ArbitraryServerRegexp`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6629, GHSA-567r-vqj7-5cw7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nuju-ekmt-k7g9 |
|
| 76 |
| url |
VCID-nv3j-xj42-wfcw |
| vulnerability_id |
VCID-nv3j-xj42-wfcw |
| summary |
Incomplete List of Disallowed Inputs
An issue was discovered in phpMyAdmin. Due to a limitation in URL matching, it was possible to bypass the URL white-list protection. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9861, GHSA-r326-mp8g-6xfc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nv3j-xj42-wfcw |
|
| 77 |
| url |
VCID-p1jn-sxds-mqd1 |
| vulnerability_id |
VCID-p1jn-sxds-mqd1 |
| summary |
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `db_central_columns.php` in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-7260, GHSA-gqmj-f46x-wqhw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p1jn-sxds-mqd1 |
|
| 78 |
| url |
VCID-p361-saxs-97g9 |
| vulnerability_id |
VCID-p361-saxs-97g9 |
| summary |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9855
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p361-saxs-97g9 |
|
| 79 |
| url |
VCID-pfdk-db4h-47dx |
| vulnerability_id |
VCID-pfdk-db4h-47dx |
| summary |
Cross-site Scripting
A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-2559, GHSA-7rf8-9r8f-qf59
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pfdk-db4h-47dx |
|
| 80 |
| url |
VCID-pnry-rv8t-v3ff |
| vulnerability_id |
VCID-pnry-rv8t-v3ff |
| summary |
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-2206
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pnry-rv8t-v3ff |
|
| 81 |
| url |
VCID-q2wv-kbra-5kg8 |
| vulnerability_id |
VCID-q2wv-kbra-5kg8 |
| summary |
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9865
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q2wv-kbra-5kg8 |
|
| 82 |
| url |
VCID-q45d-5bf4-tff5 |
| vulnerability_id |
VCID-q45d-5bf4-tff5 |
| summary |
Improper Privilege Management
An issue was discovered in `libraries/common` which allows users who have no password set to log in even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to `false` (which is also the default). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-18264, GHSA-5868-g58j-vrj5
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q45d-5bf4-tff5 |
|
| 83 |
| url |
VCID-q7pe-bvr1-g3bc |
| vulnerability_id |
VCID-q7pe-bvr1-g3bc |
| summary |
Cryptographic Issues
An issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9847, GHSA-9xhq-pm7v-693p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7pe-bvr1-g3bc |
|
| 84 |
| url |
VCID-q7rn-1612-quau |
| vulnerability_id |
VCID-q7rn-1612-quau |
| summary |
SQL Injection
A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-11768, GHSA-x37v-98f9-mj32
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7rn-1612-quau |
|
| 85 |
| url |
VCID-q7zq-5xpn-93dd |
| vulnerability_id |
VCID-q7zq-5xpn-93dd |
| summary |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9854
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7zq-5xpn-93dd |
|
| 86 |
| url |
VCID-qeac-129m-1udw |
| vulnerability_id |
VCID-qeac-129m-1udw |
| summary |
An issue was discovered in phpMyAdmin. With a very large request to the table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9863, GHSA-qgrq-64g6-mmh6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qeac-129m-1udw |
|
| 87 |
|
| 88 |
| url |
VCID-qpj7-uk5e-nbez |
| vulnerability_id |
VCID-qpj7-uk5e-nbez |
| summary |
phpMyAdmin vulnerable to Cross-site Scripting
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5701, GHSA-rh74-5835-jpxp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qpj7-uk5e-nbez |
|
| 89 |
| url |
VCID-qqyb-zags-bbhz |
| vulnerability_id |
VCID-qqyb-zags-bbhz |
| summary |
Incomplete Cleanup
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6632, GHSA-426q-975p-w5cr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qqyb-zags-bbhz |
|
| 90 |
| url |
VCID-r3z5-cc6j-8yg6 |
| vulnerability_id |
VCID-r3z5-cc6j-8yg6 |
| summary |
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6614
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r3z5-cc6j-8yg6 |
|
| 91 |
| url |
VCID-r4zz-m2mr-9qeb |
| vulnerability_id |
VCID-r4zz-m2mr-9qeb |
| summary |
Cross-Site Request Forgery (CSRF)
By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-19969, GHSA-xwf2-53mc-r8hx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-m2mr-9qeb |
|
| 92 |
| url |
VCID-r9sb-489v-fqc9 |
| vulnerability_id |
VCID-r9sb-489v-fqc9 |
| summary |
phpMyAdmin Cryptographic Vulnerability
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-1927, GHSA-4gmg-gwjh-3mmr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sb-489v-fqc9 |
|
| 93 |
| url |
VCID-rc63-nakx-ebbe |
| vulnerability_id |
VCID-rc63-nakx-ebbe |
| summary |
Cross-site Scripting
An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9857, GHSA-hmmx-wxh4-9w8w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rc63-nakx-ebbe |
|
| 94 |
| url |
VCID-rsrk-jwbt-qfhe |
| vulnerability_id |
VCID-rsrk-jwbt-qfhe |
| summary |
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in the import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9859
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rsrk-jwbt-qfhe |
|
| 95 |
| url |
VCID-rx9z-rdmm-5fg6 |
| vulnerability_id |
VCID-rx9z-rdmm-5fg6 |
| summary |
Cross-site Scripting
An issue was discovered in `js/designer/move.js` in phpMyAdmin. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-12581, GHSA-vxj6-pm6r-23hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rx9z-rdmm-5fg6 |
|
| 96 |
| url |
VCID-rxz2-tx2n-k3bd |
| vulnerability_id |
VCID-rxz2-tx2n-k3bd |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5732, GHSA-3q28-xfw3-2q35
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rxz2-tx2n-k3bd |
|
| 97 |
| url |
VCID-rz6q-hthe-1uer |
| vulnerability_id |
VCID-rz6q-hthe-1uer |
| summary |
Information Exposure
An issue was discovered in phpMyAdmin. A user can exploit the "LOAD LOCAL INFILE" functionality to expose files on the server to the database system. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6612, GHSA-fcgm-62p3-f7cm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6q-hthe-1uer |
|
| 98 |
| url |
VCID-s88e-r2gd-9yep |
| vulnerability_id |
VCID-s88e-r2gd-9yep |
| summary |
libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-3903
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s88e-r2gd-9yep |
|
| 99 |
| url |
VCID-segg-gk79-9bc6 |
| vulnerability_id |
VCID-segg-gk79-9bc6 |
| summary |
Improper Input Validation
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9851, GHSA-r2vw-p77f-vc27
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-segg-gk79-9bc6 |
|
| 100 |
| url |
VCID-tvfz-v881-sufp |
| vulnerability_id |
VCID-tvfz-v881-sufp |
| summary |
phpMyAdmin Denial Of Service (DOS) attack
js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-5706, GHSA-9rmm-8fp4-26hv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfz-v881-sufp |
|
| 101 |
| url |
VCID-txba-1at4-ekg2 |
| vulnerability_id |
VCID-txba-1at4-ekg2 |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
phpMyAdmin is vulnerable to an open redirect weakness. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-1000013, GHSA-5h5m-fj48-qpjw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2 |
|
| 102 |
| url |
VCID-uc6b-5sj1-9yg2 |
| vulnerability_id |
VCID-uc6b-5sj1-9yg2 |
| summary |
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2015-6830, GHSA-v6fh-vg22-r6cm
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uc6b-5sj1-9yg2 |
|
| 103 |
| url |
VCID-utga-335m-dua9 |
| vulnerability_id |
VCID-utga-335m-dua9 |
| summary |
Cross-site Scripting
An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9856, GHSA-j8mx-x32r-5rf4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utga-335m-dua9 |
|
| 104 |
| url |
VCID-v1kx-5wa1-r7he |
| vulnerability_id |
VCID-v1kx-5wa1-r7he |
| summary |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9852
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kx-5wa1-r7he |
|
| 105 |
| url |
VCID-vpf2-5j4s-jqeb |
| vulnerability_id |
VCID-vpf2-5j4s-jqeb |
| summary |
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-9864
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vpf2-5j4s-jqeb |
|
| 106 |
| url |
VCID-vxc7-fwud-33an |
| vulnerability_id |
VCID-vxc7-fwud-33an |
| summary |
An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6630
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vxc7-fwud-33an |
|
| 107 |
|
| 108 |
| url |
VCID-x75q-4y74-d3gt |
| vulnerability_id |
VCID-x75q-4y74-d3gt |
| summary |
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6627
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x75q-4y74-d3gt |
|
| 109 |
| url |
VCID-xqf5-yxf3-u3he |
| vulnerability_id |
VCID-xqf5-yxf3-u3he |
| summary |
Cross-site Scripting
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6628, GHSA-phhm-63xx-v9rr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xqf5-yxf3-u3he |
|
| 110 |
| url |
VCID-zmjf-j2zs-23ey |
| vulnerability_id |
VCID-zmjf-j2zs-23ey |
| summary |
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; when the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6607
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjf-j2zs-23ey |
|
| 111 |
| url |
VCID-zvcj-g6rt-s3de |
| vulnerability_id |
VCID-zvcj-g6rt-s3de |
| summary |
Server-Side Request Forgery (SSRF)
phpMyAdmin is vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2017-1000017, GHSA-99xj-xqc9-98hr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zvcj-g6rt-s3de |
|
| 112 |
| url |
VCID-zyes-82y3-g7dh |
| vulnerability_id |
VCID-zyes-82y3-g7dh |
| summary |
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| purl |
pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2at1-y3qg-77fb |
|
| 1 |
| vulnerability |
VCID-32ja-yuuw-bbbh |
|
| 2 |
| vulnerability |
VCID-4wn2-pnbv-sked |
|
| 3 |
| vulnerability |
VCID-52xs-45kd-w3hz |
|
| 4 |
| vulnerability |
VCID-59mu-8aep-9ycn |
|
| 5 |
| vulnerability |
VCID-5jye-2stz-fqam |
|
| 6 |
| vulnerability |
VCID-7vpu-x9mb-q3c6 |
|
| 7 |
| vulnerability |
VCID-8rvw-n1fg-ffc2 |
|
| 8 |
| vulnerability |
VCID-ajf6-bk2g-wkb7 |
|
| 9 |
| vulnerability |
VCID-b2nf-6pr3-xqaa |
|
| 10 |
| vulnerability |
VCID-bd83-vf81-sfa4 |
|
| 11 |
| vulnerability |
VCID-dx3h-z4dg-m3e1 |
|
| 12 |
| vulnerability |
VCID-har4-gaft-m7e8 |
|
| 13 |
| vulnerability |
VCID-kfr7-v6tb-eqau |
|
| 14 |
| vulnerability |
VCID-kfrx-mmr7-euep |
|
| 15 |
| vulnerability |
VCID-m2g6-2ztp-tuam |
|
| 16 |
| vulnerability |
VCID-m3kq-1cfg-mkgc |
|
| 17 |
| vulnerability |
VCID-mzuh-5e5y-d3hr |
|
| 18 |
| vulnerability |
VCID-p1jn-sxds-mqd1 |
|
| 19 |
| vulnerability |
VCID-q7rn-1612-quau |
|
| 20 |
| vulnerability |
VCID-qmj2-pxvt-zqes |
|
| 21 |
| vulnerability |
VCID-r4zz-m2mr-9qeb |
|
| 22 |
| vulnerability |
VCID-rx9z-rdmm-5fg6 |
|
| 23 |
| vulnerability |
VCID-w6nk-akeh-4ufg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1 |
|
|
| aliases |
CVE-2016-6623, GHSA-2mcj-3r3r-v5wm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zyes-82y3-g7dh |
|