Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@4.4.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1dc8-kafr-3qd7
Aliases: CVE-2016-6628 GHSA-phhm-63xx-v9rr |
Cross-site Scripting An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-24e9-fnt7-jqdu
Aliases: CVE-2017-1000018 GHSA-47qr-f86f-3wm4 |
Improper Input Validation phpMyAdmin is vulnerable to a DoS attack in the replication status by using a specially crafted table name. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-27kp-82xd-cucw
Aliases: CVE-2015-7873 GHSA-5pmg-qh2c-7j24 |
phpMyAdmin allows remote attackers to spoof content via the url parameter The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-3yp5-vqej-r7hh
Aliases: CVE-2016-2040 GHSA-pw34-qf6c-84fc |
Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-4szd-esqn-93aq
Aliases: CVE-2016-9853 GHSA-rmmf-5xhh-gg27 |
Exposure of Sensitive Information to an Unauthorized Actor An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-5mda-fksy-bqb2
Aliases: CVE-2016-9857 GHSA-hmmx-wxh4-9w8w |
Cross-site Scripting An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-64sy-unts-juf3
Aliases: CVE-2016-6625 GHSA-r643-7xfg-ppc5 |
Information Exposure An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-7h9b-a8dp-57hp
Aliases: CVE-2017-1000015 GHSA-3fgq-cmr4-97rr |
Cross-site Scripting phpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-7n1n-uj91-8ugg
Aliases: CVE-2016-6621 GHSA-44vv-mm86-7cg6 |
phpMyAdmin server-side request forgery (SSRF) The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8fu3-wm7d-qkeu
Aliases: CVE-2016-6632 GHSA-426q-975p-w5cr |
Incomplete Cleanup An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-8xac-hgvs-ykgn
Aliases: CVE-2016-9861 GHSA-r326-mp8g-6xfc |
Incomplete List of Disallowed Inputs An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-9t2s-etzf-t3d2
Aliases: CVE-2016-6609 GHSA-wpww-hx7x-xfjh |
Command Injection An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-9xxd-uwwt-57ba
Aliases: CVE-2016-9856 GHSA-j8mx-x32r-5rf4 |
Cross-site Scripting An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-b5bf-6u8e-byh8
Aliases: CVE-2016-5706 GHSA-9rmm-8fp4-26hv |
phpMyAdmin Denial Of Service (DOS) attack js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. |
Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-b5d2-5bfb-bbgz
Aliases: CVE-2017-1000017 GHSA-99xj-xqc9-98hr |
Server-Side Request Forgery (SSRF) phpMyAdmin is vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-bcmm-z26p-rkfp
Aliases: CVE-2016-9860 GHSA-3hw5-fffc-qrg4 |
Improper Input Validation An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-e9qs-mvaa-wyc6
Aliases: CVE-2016-6624 GHSA-mhxj-6vf8-mwv3 |
Incomplete List of Disallowed Inputs An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-f7gd-w9r7-xyb2
Aliases: CVE-2016-1927 GHSA-4gmg-gwjh-3mmr |
phpMyAdmin Cryptographic Vulnerability The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-fgr8-8j61-cufq
Aliases: CVE-2016-6612 GHSA-fcgm-62p3-f7cm |
Information Exposure An issue was discovered in phpMyAdmin. A user can exploit the "LOAD LOCAL INFILE" functionality to expose files on the server to the database system. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-gzqe-8ywj-h7hk
Aliases: CVE-2016-9847 GHSA-9xhq-pm7v-693p |
Cryptographic Issues An issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-h5wu-ugm7-4bah
Aliases: CVE-2016-6633 GHSA-p849-vf5f-f3x7 |
Code Injection An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-hnud-ktgb-dfe6
Aliases: CVE-2017-18264 GHSA-5868-g58j-vrj5 |
Improper Privilege Management An issue was discovered in `libraries/common` which allows users who have no password set to log in even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to `false` (which is also the default). |
Affected by 22 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-hucu-azum-53bw
Aliases: CVE-2016-5730 GHSA-wm9c-vcv2-vpqc |
Information Exposure phpMyAdmin allows remote attackers to obtain sensitive information. |
Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-jj7e-xndw-6fcp
Aliases: CVE-2016-9851 GHSA-r2vw-p77f-vc27 |
Improper Input Validation An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-nz1c-xk2s-3fau
Aliases: CVE-2016-5731 GHSA-mwm8-36c5-j5cf |
Cross-site Scripting Cross-site scripting (XSS) vulnerability in `examples/openid.php` in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. |
Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-r8te-6fr7-tuc2
Aliases: CVE-2016-5705 GHSA-6q2j-8h8q-46mr |
phpMyAdmin vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. |
Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-tydk-zjv1-nye6
Aliases: CVE-2016-6622 GHSA-qf3f-7x69-qfv3 |
Improper Input Validation An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-uw6h-fpzy-x3ap
Aliases: CVE-2017-1000013 GHSA-5h5m-fj48-qpjw |
URL Redirection to Untrusted Site (Open Redirect) phpMyAdmin is vulnerable to an open redirect weakness. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-v66b-3ghf-9uas
Aliases: CVE-2016-6629 GHSA-567r-vqj7-5cw7 |
Improper Input Validation An issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by `ArbitraryServerRegexp`. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-w37b-ep3h-tfaz
Aliases: CVE-2016-2041 GHSA-8m97-xc46-rw9w |
Covert Timing Channel `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-w56h-g9t8-1fgu
Aliases: CVE-2015-6830 GHSA-v6fh-vg22-r6cm |
phpMyAdmin ReCaptcha bypass libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. |
Affected by 5 other vulnerabilities. |
|
VCID-wamt-3g12-t7ch
Aliases: CVE-2016-9866 GHSA-jvxx-8xxf-5495 |
Cross-Site Request Forgery (CSRF) An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-xu1c-xtb4-9ygg
Aliases: CVE-2016-6623 GHSA-2mcj-3r3r-v5wm |
Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-z22z-a5bq-97d3
Aliases: CVE-2016-6618 GHSA-rv6m-chvv-wmxg |
Uncontrolled Resouce Consumption An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-zg16-dfu1-g7dn
Aliases: CVE-2016-6613 GHSA-6j2v-g9rg-qcm5 |
Information Exposure An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-zreq-41ja-pbf1
Aliases: CVE-2017-1000014 GHSA-9hrc-rwrq-v6mh |
Improper Input Validation phpMyAdmin is vulnerable to a DoS weakness in the table editing functionality. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||