| purl | pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-a1h3-y1fe-7fe2 Aliases: CVE-2016-5701 GHSA-rh74-5835-jpxp | phpMyAdmin vulnerable to Cross-site Scripting. setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-cx8d-r8hf-3kak Aliases: CVE-2016-5739 GHSA-2p7v-jm8m-g3qq | phpMyAdmin vulnerable to Cross-Site Request Forgery. The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-we1q-4dc4-qufn Aliases: CVE-2016-5733 GHSA-cr65-p662-fx5c | phpMyAdmin vulnerable to Cross-site Scripting. Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-zbha-a7rp-nbd9 Aliases: CVE-2016-5734 GHSA-rv57-479x-x4qv | Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |